Lucene search
K

7 matches found

Snyk
Snyk
added 2026/03/04 6:55 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 11:11 p.m.2 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the enqueueSystemEvent process. An attacker can add unauthorized reaction status lines to agent contexts by sending specially crafted reaction-only inbound even...

6.3CVSS5.8AI score0.0021EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 9:48 p.m.4 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SSRF IP classification. An attacker can access unintended network resources by supplying IPv6 multicast addresses that bypass address classificati...

6.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/03 9:36 p.m.4 views

GHSA-J26J-7QC4-3MRF OpenClaw: MS Teams fileConsent/invoke missing conversation binding allowed cross-conversation pending-upload consumption

Summary In openclaw MS Teams file-consent flow, pending uploads were authorized by uploadId alone. fileConsent/invoke did not verify the invoke conversation against the conversation that created the pending upload. Impact An attacker who obtained a valid uploadId within TTL could trigger...

5.3CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/03 9:25 p.m.2 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the dm reaction notification process. An attacker can bypass authorization checks and enqueue unauthorized reaction-derived system events by reacting to...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/03 6:9 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the messagereaction function. An attacker can inject unauthorized system events by sending crafted Telegram reactions, bypassing configured DM or group...

7.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/02 11:33 p.m.9 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the system.run approvals. An attacker can cause execution of an unintended binary by crafting a command with a trailing-space in the executable token and...

8.8CVSS6.1AI score0.0029EPSS
Exploits0References3
Rows per page
Query Builder