Lucene search
K

4 matches found

OSV
OSV
added 2026/07/02 4:34 p.m.10 views

GHSA-JVM4-4J77-39P6 OpenClaw: QQBot streaming command could mutate config without explicit allowFrom

Summary QQBot streaming command could mutate config without explicit allowFrom. In affected versions, a QQBot sender reaching the affected command could change configuration without requiring an explicit non-wildcard allowlist entry. This advisory is scoped to the named feature and configuration...

8.7CVSS6AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:5 p.m.13 views

EUVD-2026-36313

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.8 views

CVE-2026-32005

OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References3
Rows per page
Query Builder