GHSA-R849-826X-WGQM Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist polic...

Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist polic...

CVE-2026-31991

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

CVE-2026-31991

OpenClaw

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.26 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the Signal group permission list policy, which could allow unauthorized acce...

PT-2026-26231

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

US Border Patrol Is Spying on Millions of American Drivers

Plus: The SEC lets SolarWinds off the hook, Microsoft stops a historic DDoS attack, and FBI documents reveal the agency spied on an immigration activist Signal group in New York City...

Here’s What Happened to Those SignalGate Messages

A lawsuit over the Trump administration’s infamous Houthi Signal group chat has revealed what steps departments took to preserve the messages—and how little they actually saved...

Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public

WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji...