19 matches found
GHSA-9J32-3M66-MC4M Duplicate Advisory: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2xcp-x87w-q377. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the...
CVE-2026-45002 OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
CVE-2026-45002
OpenClaw prior to 2026.4.20 contains a hook session-key bypass vulnerability that lets an attacker bypass the hooks.allowRequestSessionKey opt-in restriction. By using templated hook mappings, externally influenced session keys can be rendered to bypass webhook routing isolation controls. The ava...
PT-2026-39691
OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities stemmed from a flaw related to hook session keys, which could allow attackers to bypass the...
Authorization Bypass Through User-Controlled Key
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey process. An attacker can gain unauthorized access to webhook routing by supplying externally influenced session keys...
GHSA-2XCP-X87W-Q377 OpenClaw: Hook mapping templates could bypass hook session-key opt-in
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Templated hook mapping sessionKey values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities were caused by a problem with the Webhook path routing in the Synology Chat extension, which could lead to bypassing...
OpenClaw has an unspecified vulnerability (CNVD-2026-13596)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a Webhook routing issue in the Google Chat monitor component, which can be exploited by an attacker to cause cross-account policy context misrouting that bypass...
CVE-2026-28469
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
CVE-2026-28469
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
CVE-2026-28469
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
CVE-2026-28469 OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
CVE-2026-28469
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
CVE-2026-28469 OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
EUVD-2026-9915
OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...
CVE-2026-28469
OpenClaw vulnerable in versions prior to 2026.2.14 due to a webhook routing flaw in the Google Chat monitor component that enables cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to pr...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a Webhook routing issue in the Google Chat monitor component, which can be exploited by an attacker to cause cross-account policy context misrouting that bypass...
PT-2026-23544
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 clawdbot versions prior to 2026.1.24-3 Description The software contains a webhook routing issue in the Google Chat monitor component. This allows for cross-account policy context misrouting when multiple...