Lucene search
K

5 matches found

OSV
OSV
added 2026/07/02 4:18 p.m.3 views

GHSA-WV26-J37Q-2G7P OpenClaw's Slack plugin approvals used the exec approver gate for plugin actions

Summary Slack plugin approvals used the exec approver gate for plugin actions. In affected versions, a Slack user authorized only for exec approvals could resolve a plugin approval through the exec approver gate. This advisory is scoped to the named feature and configuration. It does not change...

4.3CVSS6AI score0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 3:9 p.m.43 views

CVE-2026-32906 OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

4.3CVSS0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 3:9 p.m.9 views

CVE-2026-32906 OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:9 p.m.7 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/05/29 3:9 p.m.46 views

CVE-2026-32906

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that lets exec-authorized users resolve plugin approvals via the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions out...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder