6 matches found
CVE-2026-41379
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...
CVE-2026-41379
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...
CVE-2026-41379 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...
PT-2026-35764
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Authenticated operators with write permissions can escalate privileges to access admin-class Talk Voice configuration persistence. This is possible by exploiting the 'chat.send' endpoint to reac...
Improper Handling of Insufficient Permissions or Privileges
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the operator.write module reaching admin-class Talk Voice configuration persistence through chat.send. An attacker can gain...