56 matches found
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send route. An attacker can perform unauthorized privileged actions by leveraging inherited external routes to bypass required scope checks, enabling...
EUVD-2026-33337
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...
CVE-2026-35674
OpenClaw prior to 2026.5.18 has a scope bypass vulnerability in the Gateway chat.send route. If an attacker holds operator.write scope, they can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scope requirements, enabling unauthorized mutations t...
CVE-2026-35674 OpenClaw < 2026.5.18 - Scope Bypass via Inherited chat.send Route
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...
CVE-2026-35674
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...
CVE-2026-35674 OpenClaw < 2026.5.18 - Scope Bypass via Inherited chat.send Route
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...
PT-2026-44898
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and operator.admin scop...
CVE-2026-41379
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...
CVE-2026-41379 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...
CVE-2026-41379
OpenClaw is affected as OpenClaw < 2026.3.28. The flaw allows authenticated operators with write permissions to use the chat.send endpoint to reach and modify admin-class Talk Voice configuration settings intended for administrators only. Affected versions are = 2026.3.28 and apply any additio...
EUVD-2026-26088
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...
CVE-2026-41371
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...
PT-2026-35764
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Authenticated operators with write permissions can escalate privileges to access admin-class Talk Voice configuration persistence. This is possible by exploiting the 'chat.send' endpoint to reac...
CVE-2026-41371
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
CVE-2026-41371
OpenClaw before 2026.3.28 is affected by a privilege escalation vulnerability in the chat.send path. The issue allows write-scoped gateway callers to trigger admin-only session reset operations by exploiting improper authorization checks. Attackers can rotate target sessions, archive prior transc...
EUVD-2026-25951
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
CVE-2026-41371 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
PT-2026-35559
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Improper authorization checks in the 'chat.send' path allow write-scoped gateway callers to perform admin-only session reset operations. This enables attackers to rotate target sessions, archive...