8 matches found

CVE
added 2026/03/23 9:36 p.m. | 4 views

CVE-2026-32900

OpenClaw CVE-2026-32900 affects versions prior to 2026.2.22. The vulnerability is an authorization bypass in allowlist mode due to allow-always persistence at the wrapper level, enabling approval-bypass execution of different payloads. This allows attackers to approve benign wrapped system.run co...

6.2 AI score
Exploits 0
Github Security Blog
added 2026/03/19 3:30 a.m. | 5 views

Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6j27-pc5c-m8w8. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistenc...

7.2 CVSS | 6.5 AI score | 0.00091 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/03/19 3:30 a.m. | 3 views

GHSA-PFV5-RPCW-X34X Duplicate Advisory: OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6j27-pc5c-m8w8. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistenc...

7.1 CVSS | 6.5 AI score | 0.00091 EPSS
Exploits 0 | References 4
NVD
added 2026/03/19 2:16 a.m. | 2 views

CVE-2026-29607

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign...

7.2 CVSS | 0.00091 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/03/19 1:00 a.m. | 1 view

CVE-2026-29607 OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign...

7.1 CVSS | 6.6 AI score | 0.00091 EPSS
Exploits 0 | References 3
Cvelist
added 2026/03/19 1:00 a.m. | 23 views

CVE-2026-29607 OpenClaw < 2026.2.22 - Authorization Bypass via allow-always Wrapper Persistence

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign...

7.1 CVSS | 0.00091 EPSS
Exploits 0 | References 3
CVE
added 2026/03/19 1:00 a.m. | 8 views

CVE-2026-29607

OpenClaw vulnerability CVE-2026-29607 affects OpenClaw versions prior to 2026.2.22. The flaw is an authorization bypass in the allow-always wrapper persistence, letting an attacker bypass approval checks by persisting wrapper-level allowlist entries instead of validating the inner executable inte...

7.2 CVSS | 6.5 AI score | 0.00091 EPSS
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/03/02 10:20 p.m. | 3 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the allow-always wrapper in security=allowlist mode. An attacker can execute arbitrary commands without further approval by exploiting persistent wrapper-level...

7.3 CVSS | 6.2 AI score | 0.00091 EPSS
Exploits 0 | References 3