3 matches found
CVE-2026-35666
OpenClaw (prior to 2026.3.22) has an allowlist bypass in system.run approvals that fails to unwrap /usr/bin/time wrappers, allowing an attacker to reuse approval state for inner commands and bypass executable binding restrictions. Affected component: OpenClaw, version prior to 2026.3.22. Root cau...
CVE-2026-32067
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...
CVE-2026-32067
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...