Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/03/31 11:50 p.m.11 views

OpenClaw: Zalo channel downloads media before sender authorization

Summary The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...

6.9CVSS5.9AI score0.00355EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/31 11:50 p.m.19 views

GHSA-V2V2-F783-358J OpenClaw: Zalo channel downloads media before sender authorization

Summary The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...

9.8CVSS5.9AI score0.00355EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/31 2:10 p.m.2 views

CVE-2026-33576 OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

6.9CVSS5.9AI score0.00355EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 2:10 p.m.21 views

CVE-2026-33576

OpenClaw prior to 2026.3.28 downloads and stores inbound media from Zalo channels before sender authorization is checked. The vulnerability allows unauthorized senders to force network fetches and disk writes to the inbound media store by sending messages that are later rejected. The issue affect...

6.9CVSS5.9AI score0.00355EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 2:10 p.m.24 views

CVE-2026-33576 OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

6.9CVSS0.00355EPSS
Exploits0References3
Rows per page
Query Builder