Lucene search
K

4 matches found

CVE
CVE
added 2026/06/12 9:56 p.m.27 views

CVE-2026-53834

OpenClaw (OpenClaw before 2026.4.27) contains an authorization bypass in QQBot pre-dispatch slash commands that allows authenticated senders to bypass allowFrom policy checks. Attackers can invoke slash commands before access control policies are applied, potentially triggering command handling f...

8.2CVSS5.4AI score0.00192EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.28 views

CVE-2026-53834 OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...

8.2CVSS0.00192EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 p.m.9 views

CVE-2026-53807

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44895

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References3
Rows per page
Query Builder