Lucene search
K

4 matches found

OSV
OSV
added 2026/04/10 12:30 a.m.2 views

GHSA-P6J4-WVMC-VX2H Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vfg3-pqpq-93m4. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cit...

7.3CVSS5.7AI score0.00247EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.2 views

CVE-2026-35637

OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation...

7.3CVSS5.9AI score0.00247EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.2 views

CVE-2026-35637 OpenClaw < 2026.3.22 - Premature Cite Expansion Before Authorization in Channel and DM

OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorization validation...

7.3CVSS5.8AI score0.00247EPSS
Exploits0References5
OSV
OSV
added 2026/03/29 3:50 p.m.2 views

GHSA-J4C9-W69R-CW33 OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State

Summary Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Telegram callba...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References5
Rows per page
Query Builder