5 matches found

OSV
added 2 days ago, 3 views

GHSA-MGQ6-VR84-7M2J OpenClaw: QQBot native approval buttons did not enforce configured approver identity

Summary: OpenClaw's QQBot channel can deliver native approval buttons for exec and plugin approvals. In affected releases, the button callback path resolved approvals without enforcing the configured QQBot approver identity. The text command approval path used the authorization check; the issue wa...

CVSS: 8 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 4
EUVD
added 2026/05/29 3:10 p.m., 15 views

EUVD-2026-33335

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

CVSS: 8 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 2
Cvelist
added 2026/05/29 3:10 p.m., 51 views

CVE-2026-35630 OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization...

CVSS: 8 | EPSS: 0.00199
Exploits: 0 | References: 2
CVE
added 2026/05/29 3:10 p.m., 22 views

CVE-2026-35630

OpenClaw OpenClaw before 2026.5.18 has an authorization bypass in QQBot native approval buttons that does not enforce the configured approver identity. Non-approvers can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. Affected product: Open...

CVSS: 8 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/05/29 12:0 a.m., 12 views

PT-2026-44896

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.18
Description: An authorization bypass exists in the QQBot native approval buttons. The button callback path fails to enforce the configured approver identity, allowing users who are not authorized approvers t...

CVSS: 8 | AI score: 5.7 | EPSS: 0.00199
Exploits: 0 | References: 6