6 matches found
CVE-2026-33578
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...
EUVD-2026-17435
OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade...
CVE-2026-33578 OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...
CVE-2026-33578
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlists downgrade to an open policy, allowing bypass of sender restrictions and interaction with bots. Affected components include extensions/googlechat/sr...
CVE-2026-33578
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...
PT-2026-29258
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description The software contains a sender policy bypass issue in the Google Chat and Zalouser extensions. Route-level group allowlist policies are silently downgraded to open policy, allowing attackers to...