4 matches found
CVE-2026-27484 OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling timeout, kick, ban uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and...
CVE-2026-27484 OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling timeout, kick, ban uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and...
GHSA-WH94-P5M6-MR7J OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Overview Discord moderation action handling timeout, kick, ban used sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. Impact In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin...
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Overview Discord moderation action handling timeout, kick, ban used sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. Impact In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin...