2 matches found
EUVD-2026-36324
OpenClaw: MCP loopback could skip owner-only tool policy for non-owner callers...
CVE-2026-53818
OpenClaw CVE-2026-53818 affects OpenClaw prior to 2026.4.24. It describes an authorization bypass in the MCP loopback feature that lets non-owner callers skip owner-only tool policies and before-tool-call hooks, potentially causing invocation of owner-only behavior to execute restricted tools whe...