Lucene search
+L

147 matches found

Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.7 views

PT-2026-31770

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw before version 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension. This allows attackers to collapse multi-account configurations onto shar...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31772

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw before version 2026.3.22 performs cite expansion before completing channel and direct message DM authorization checks. This allows cite work and content handling to occur before final...

7.3CVSS5.7AI score0.00247EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from the execution of reference extensions before channel and DM authorization checks, which could allow...

7.3CVSS5.8AI score0.00247EPSS
Exploits0References5
OSV
OSV
added 2026/03/29 3:50 p.m.2 views

GHSA-J4C9-W69R-CW33 OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State

Summary Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Telegram callba...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/29 3:49 p.m.9 views

OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing

Summary Feishu Raw card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Feishu raw card...

6.9CVSS5.9AI score0.00276EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/29 3:49 p.m.2 views

GHSA-77W2-CRQV-CMV3 OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing

Summary Feishu Raw card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Feishu raw card...

6.9CVSS5.9AI score0.00276EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 10:31 p.m.4 views

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the DM access check process. An attacker can interact with unpaired or unauthorized DM peers by sending verification notices that bypass intended access...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 10:31 p.m.5 views

GHSA-9WQX-G2CW-VC7R OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers

Summary Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Matrix verificatio...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 9:45 p.m.8 views

Improper Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization in the webhook process. An attacker can gain unauthorized access to direct message policies by exploiting a path collision in the multi-account configuration,...

7.2CVSS5.9AI score0.00245EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 9:45 p.m.4 views

Improper Authorization

Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Improper Authorization in the webhook process. An attacker can gain unauthorized access to direct message policies by exploiting a path collision in the multi-accoun...

7.2CVSS5.9AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32027

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM pairing to satisfy...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 a.m.11 views

EUVD-2026-14586

OpenClaw before 2026.2.26 contains an authorization bypass vulnerability in group allowlist policy evaluation that accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain...

4.8CVSS5.8AI score
Exploits0References5
CVE
CVE
added 2026/03/23 9:36 p.m.10 views

CVE-2026-32904

OpenClaw is affected by an authorization bypass vulnerability (CVE-2026-32904) present in versions before 2026.2.26. The issue occurs in group allowlist policy evaluation, which incorrectly accepts sender identities from DM pairing-store approvals, allowing an attacker to bypass group allowlist c...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27238

OpenClaw before 2026.2.26 contains an authorization bypass vulnerability in group allowlist policy evaluation that accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain...

4.6CVSS5.8AI score
Exploits0References6
EUVD
EUVD
added 2026/03/21 3:31 a.m.3 views

EUVD-2026-13968

OpenClaw versions prior to 2026.2.26 contains an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

3.7CVSS5.8AI score0.00165EPSS
Exploits0References5
OSV
OSV
added 2026/03/21 3:31 a.m.5 views

GHSA-VMVW-PWWF-CC2W Duplicate Advisory: OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vjp8-wprm-2jw9. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contains an authorization bypass vulnerability in the pairing-store access contr...

3.7CVSS5.7AI score0.00165EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.12 views

Duplicate Advisory: OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vjp8-wprm-2jw9. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contains an authorization bypass vulnerability in the pairing-store access contr...

8.1CVSS5.7AI score0.00165EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/21 1:17 a.m.6 views

CVE-2026-32067

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

8.1CVSS0.00165EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.26 views

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS0.00204EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:42 a.m.8 views

CVE-2026-32067

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

8.1CVSS5.8AI score0.00165EPSS
Exploits0References5
Rows per page
Query Builder