Lucene search
+L

11 matches found

EUVD
EUVD
added 2026/07/02 3:40 p.m.11 views

EUVD-2026-36321

OpenClaw: Message read actions could skip channel allowlist checks...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 9:16 p.m.14 views

CVE-2026-53815

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48745

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.19 Description An authorization bypass exists in message read actions due to insufficient validation, which allows the system to skip channel allowlist checks. This enables lower-trust callers to request and...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/28 6:10 p.m.5 views

CVE-2026-41910 OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes

OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model...

4.3CVSS5.2AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 6:10 p.m.6 views

CVE-2026-41910 OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes

OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model...

2.3CVSS6AI score0.00237EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.10 views

CVE-2026-32005

OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2026/03/21 12:42 a.m.4 views

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.9AI score0.00204EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.4 views

PT-2026-26748

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References5
NVD
NVD
added 2026/03/19 10:16 p.m.6 views

CVE-2026-32005

OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...

8.1CVSS0.00283EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.21 views

CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip

OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...

7.6CVSS0.00283EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 10:6 p.m.13 views

CVE-2026-32005

OpenClaw CVE-2026-32005 affects versions before 2026.2.25. The root cause is a failure to enforce sender authorization checks for interactive callbacks (block_action, view_submission, view_closed) in shared workspace deployments, allowing unauthorized workspace members to bypass allowFrom restric...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder