2 matches found
CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
CVE-2026-62196 OpenClaw 2026.3.22 < 2026.6.6 Authorization Bypass via WhatsApp Group IDs
OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...