4 matches found
CVE-2026-58207 NATS Server: Remote crash via integer overflow in Connz pagination
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...
CVE-2026-32976 OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...
GHSA-VJP8-WPRM-2JW9 OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Summary OpenClaw had account-scope gaps in pairing-store access for DM pairing policy, which could let a pairing approval from one account authorize the same sender on another account in multi-account setups. Impact This is an authorization-boundary weakness in multi-account channel deployments. ...
OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Summary OpenClaw had account-scope gaps in pairing-store access for DM pairing policy, which could let a pairing approval from one account authorize the same sender on another account in multi-account setups. Impact This is an authorization-boundary weakness in multi-account channel deployments. ...