2 matches found
GHSA-4HPG-MP64-X7XQ OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
Summary Internal/webchat command auth could inherit ownerAllowFrom wildcard state. In affected versions, a sender on an affected internal or webchat path could inherit wildcard ownerAllowFrom state across channel boundaries. This advisory is scoped to the named feature and configuration. It does...
GHSA-P3PV-C954-9M6F Duplicate Advisory: OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c28g-vh7m-fm7v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner...