13 matches found
CVE-2026-41406
OpenClaw (npm) is affected by CVE-2026-41406: before 2026.3.31, a sender allowlist bypass via thread history and quoted messages allows remote attackers to access restricted messages. The root cause is bypassing the sender allowlist by exploiting fetched quoted, root, and thread context messages....
CVE-2026-41406 OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...
Duplicate Advisory: OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-chfm-xgc4-47rj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Gra...
GHSA-8PF2-VJ79-4WXG Duplicate Advisory: OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-chfm-xgc4-47rj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Gra...
CVE-2026-41365
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions...
EUVD-2026-25945
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions...
CVE-2026-41365 OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions...
CVE-2026-41365 OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions...
PT-2026-35553
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions...
OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Summary MSTeams thread history bypasses sender allowlist via Graph API Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 MS Teams because Graph-fetched thread history bypasses sender allowlists, with unreleased mainline filtering fix...
GHSA-CHFM-XGC4-47RJ OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API
Summary MSTeams thread history bypasses sender allowlist via Graph API Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 MS Teams because Graph-fetched thread history bypasses sender allowlists, with unreleased mainline filtering fix...
OpenClaw: Feishu thread history and quoted messages bypass sender allowlist
Summary Feishu thread history and quoted messages bypass sender allowlist Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 Feishu because fetched quoted/root/thread context bypasses sender allowlists, and SECURITY.md does not exempt...
GHSA-877V-W3F5-3PCQ OpenClaw: Feishu thread history and quoted messages bypass sender allowlist
Summary Feishu thread history and quoted messages bypass sender allowlist Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: Real in shipped v2026.3.28 Feishu because fetched quoted/root/thread context bypasses sender allowlists, and SECURITY.md does not exempt...