Lucene search
K

4 matches found

EUVD
EUVD
added 2026/03/24 12:30 a.m.9 views

EUVD-2026-14586

OpenClaw before 2026.2.26 contains an authorization bypass vulnerability in group allowlist policy evaluation that accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain...

4.8CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27238

OpenClaw before 2026.2.26 contains an authorization bypass vulnerability in group allowlist policy evaluation that accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain...

4.6CVSS5.8AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/19 3:30 a.m.8 views

Duplicate Advisory: Signal group allowlist authorization bypass via DM pairing-store leakage

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wm8r-w8pf-2v6w. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist polic...

4.6CVSS5.7AI score0.00152EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:0 a.m.5 views

CVE-2026-31991

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

3.7CVSS5.8AI score0.00152EPSS
Exploits0References5
Rows per page
Query Builder