
6 matches found

RedhatCVE
added 2026/04/01 5:3 p.m., 3 views

CVE-2026-33578

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

CVSS 5.3, AI score 5.9, EPSS 0.00297
Exploits: 0, References: 1

EUVD
added 2026/04/01 12:1 a.m., 5 views

EUVD-2026-17435

OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade...

CVSS 5.3, AI score 5.8, EPSS 0.00297
Exploits: 0, References: 4

Cvelist
added 2026/03/31 2:10 p.m., 24 views

CVE-2026-33578 OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

CVSS 5.3, EPSS 0.00297
Exploits: 0, References: 3

CVE
added 2026/03/31 2:10 p.m., 11 views

CVE-2026-33578

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlists downgrade to an open policy, allowing bypass of sender restrictions and interaction with bots. Affected components include extensions/googlechat/sr...

CVSS 5.3, AI score 5.9, EPSS 0.00297
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/03/31 2:10 p.m., 3 views

CVE-2026-33578

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

CVSS 5.3, AI score 5.9, EPSS 0.00297
Exploits: 0, References: 4

Positive Technologies
added 2026/03/31 12:0 a.m., 5 views

PT-2026-29258

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: The software contains a sender policy bypass issue in the Google Chat and Zalouser extensions. Route-level group allowlist policies are silently downgraded to open policy, allowing attackers to...

CVSS 9.8, AI score 5.9, EPSS 0.00297
Exploits: 0, References: 9