Lucene search
K

5 matches found

Snyk
Snyk
added 2026/03/31 1:40 p.m.5 views

Interpretation Conflict

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Interpretation Conflict in the system.run approval process. An attacker can execute unintended local code by crafting wrapper binaries and inducing operators to approve misleading command...

8CVSS6AI score0.00272EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 6:58 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the Discord reaction ingestion for guild channels. An attacker can gain unauthorized access to restricted session events by sending reaction events from a...

5.4CVSS5.8AI score0.00151EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 3:48 p.m.4 views

GHSA-JF6W-M8JW-JFXC OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`

Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/03/13 3:48 p.m.7 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the system.run. An attacker can execute unauthorized local code by obtaining approval for a benign script-runner command, then rewriting the referenced script ...

9.4CVSS6AI score0.00179EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 3:47 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through improper authorization in the subagents control. An attacker can gain unauthorized access to sibling session controls by issuing...

9.3CVSS5.8AI score0.00142EPSS
Exploits0References2
Rows per page
Query Builder