Lucene search
K

7 matches found

OSV
OSV
added 2026/07/02 4:54 p.m.4 views

GHSA-HCM3-8F6R-6XWG OpenClaw: Browser debug/export routes could reuse already-open blocked tabs

Summary Browser debug/export routes could reuse already-open blocked tabs. In affected versions, a caller that can reference an already-open browser tab could reuse blocked private-network tabs without reapplying the expected SSRF policy. This advisory is scoped to the named feature and...

6.5CVSS6AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:48 p.m.5 views

GHSA-W4V6-G3WM-W36C OpenClaw: QQBot admin commands could skip DM-only and allowFrom policy

Summary QQBot admin commands could skip DM-only and allowFrom policy. In affected versions, a QQBot sender able to trigger the exported command could route admin commands without the QQBot-specific DM-only and allowFrom checks. This advisory is scoped to the named feature and configuration. It do...

9.3CVSS6AI score0.00148EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:34 p.m.10 views

GHSA-JVM4-4J77-39P6 OpenClaw: QQBot streaming command could mutate config without explicit allowFrom

Summary QQBot streaming command could mutate config without explicit allowFrom. In affected versions, a QQBot sender reaching the affected command could change configuration without requiring an explicit non-wildcard allowlist entry. This advisory is scoped to the named feature and configuration...

8.7CVSS6AI score0.00172EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:22 p.m.10 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the browser debug and export routes. An attacker can access sensitive internal resources by reusing already-open blocked tabs to export or inspect content that...

6.5CVSS5.5AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:9 p.m.12 views

CVE-2026-34507

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from a strategy-bypass vulnerability in QQBot administrator commands, which allowed authenticated senders to...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/17 10:18 p.m.8 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +23 more potentially affected by CVE-2026-43576 via openclaw (>=2026.3.22 <=2026.4.29)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-43576 Source advisory: SNYK:JS-OPENCLAW-16109735...

7.7CVSS5.7AI score0.00265EPSS
Exploits0
Rows per page
Query Builder