5 matches found
GHSA-V2V2-F783-358J OpenClaw: Zalo channel downloads media before sender authorization
Summary The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...
OpenClaw: Zalo channel downloads media before sender authorization
Summary The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...
CVE-2026-33576 OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...
CVE-2026-33576
OpenClaw prior to 2026.3.28 downloads and stores inbound media from Zalo channels before sender authorization is checked. The vulnerability allows unauthorized senders to force network fetches and disk writes to the inbound media store by sending messages that are later rejected. The issue affect...
CVE-2026-33576 OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...