Lucene search
K

8 matches found

EUVD
EUVD
added 2026/03/31 12:31 p.m.4 views

EUVD-2026-17382

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

7.1CVSS6AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 12:16 p.m.2 views

CVE-2026-32976

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

7.1CVSS0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 11:17 a.m.8 views

CVE-2026-32976

OpenClaw is affected by an authorization bypass in versions before 2026.3.11. An attacker with authorized access on one account can issue channel commands (e.g., /config set channels..accounts.) to mutate protected sibling-account configurations despite configWrites: false. Impact is the modifica...

7.1CVSS6AI score0.00194EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:17 a.m.4 views

CVE-2026-32976

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

7.1CVSS6AI score0.00194EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 11:17 a.m.22 views

CVE-2026-32976 OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

7.1CVSS0.00194EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/13 3:47 p.m.5 views

OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions

Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...

5.9AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/13 3:47 p.m.3 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization through the configWrites authorization. An attacker can modify protected configuration data of sibling accounts by issuing channel commands that target accounts with...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References3
OSV
OSV
added 2026/03/13 3:47 p.m.3 views

GHSA-8JHH-JCQG-MJ5P OpenClaw: Channel commands could bypass account-scoped `configWrites` restrictions

Summary In affected versions of openclaw, channel-initiated config mutations were authorized against the originating account's configWrites policy but did not consistently re-check the targeted account scope. An authorized sender on one account could mutate protected sibling-account configuration...

6.5CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder