395 matches found
Duplicate Advisory: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2xcp-x87w-q377. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the...
EUVD-2026-29147
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
GHSA-9J32-3M66-MC4M Duplicate Advisory: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2xcp-x87w-q377. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the...
CVE-2026-45002
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
CVE-2026-45002 OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
CVE-2026-45002
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
CVE-2026-45002 OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
CVE-2026-45002
OpenClaw prior to 2026.4.20 contains a hook session-key bypass vulnerability that lets an attacker bypass the hooks.allowRequestSessionKey opt-in restriction. By using templated hook mappings, externally influenced session keys can be rendered to bypass webhook routing isolation controls. The ava...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from a flaw related to hook session keys, which could allow attackers to bypass the...
PT-2026-39691
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
SUSE CVE-2026-31773
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smprandom currently labels the stored STK as authenticated whenever pendingseclevel is BTSECURITYHIGH. That reflects what the...
OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Templated hook mapping sessionKey values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when...
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
Authorization Bypass Through User-Controlled Key
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey process. An attacker can gain unauthorized access to webhook routing by supplying externally influenced session keys...
GHSA-2XCP-X87W-Q377 OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Templated hook mapping sessionKey values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when...
EUVD-2026-23983
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
CVE-2026-6729
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
CVE-2026-6729 HKUDS OpenHarness Session Key Collision Privilege Escalation
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
CVE-2026-6729 HKUDS OpenHarness Session Key Collision Privilege Escalation
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
CVE-2026-6729
CVE-2026-6729 concerns HKUDS OpenHarness before PR #159, where a session key derivation flaw allows authenticated participants in shared chats/threads to hijack other users’ sessions by exploiting a shared ohmo session key without sender identity verification. This enables reuse of another user’s...