3 matches found
OpenClaw has an unspecified vulnerability (CNVD-2026-16385)
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that an attacker can exploit to cause pairing approvals to be reused across multiple accounts...
GHSA-VMVW-PWWF-CC2W Duplicate Advisory: OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vjp8-wprm-2jw9. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access contr...
PT-2026-26740
OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...