Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2026-29158

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

7.5CVSS6.8AI score0.00636EPSS
Exploits1References10
NVD
NVD
added 2026/05/11 6:16 p.m.17 views

CVE-2026-8305

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

9.8CVSS0.00636EPSS
Exploits1References9
OSV
OSV
added 2026/03/02 10:43 p.m.15 views

GHSA-47Q7-97XP-M272 OpenClaw: Config writes could persist resolved ${VAR} secrets to disk

Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...

6.9CVSS5.9AI score0.00284EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/17 4:43 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey parameter in the POST /hooks/agent endpoint. An attacker can inject messages or prompts into arbitrary sessions by...

7.1CVSS6AI score0.00284EPSS
Exploits0References2
Rows per page
Query Builder