135 matches found

EUVD (added last week)

EUVD-2026-33334

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

CVSS 5.4 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 2

ATTACKERKB (added last week)

CVE-2026-34507

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

CVSS 5.4 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3

Positive Technologies (added 2026/05/29 12:00 a.m.)

PT-2026-44895

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

CVSS 5.4 | AI score 5.9 | EPSS 0.00034
Exploits: 0 | References: 3

EUVD (added 2026/05/15 8:29 p.m.)

EUVD-2026-30626

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

CVSS 4.3 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 1

Cvelist (added 2026/05/15 8:29 p.m.)

CVE-2026-45385 Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

CVSS 4.3 | EPSS 0.00036
Exploits: 1 | References: 1

CVE (added 2026/05/15 7:34 p.m.)

CVE-2026-44561

CVE-2026-44561 affects Open WebUI. The vulnerability arises in the is_user_channel_member check: before 0.9.0, the code verifies ChannelMember existence but ignores is_active, so deactivated members (status 'left', is_active=False) retain full read/write access to group/DM channels via direct API...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 1 | Affected software: 1

OSV (added 2026/05/14 8:25 p.m.)

GHSA-WWHQ-CX22-F7VV Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint

Summary: An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details: In the update_message_by_id...

CVSS 4.3 | AI score 5.6 | EPSS 0.00036
Exploits: 1 | References: 4

Github Security Blog (added 2026/05/14 8:25 p.m.)

Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint

Summary: An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details: In the update_message_by_id...

CVSS 4.3 | AI score 5.6 | EPSS 0.00036
Exploits: 1 | References: 4 | Affected software: 1

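The two Open WebUI entries above describe a membership check that ignores is_active and an update_message_by_id handler that lets any channel member edit any other member's message. The following is an added illustration of both flaws next to a hardened form; it is not Open WebUI's code. The names ChannelMember, is_active, is_user_channel_member and update_message_by_id come from the advisory text; the field set, the in-memory store, the User role model and the "author or admin may edit" rule are assumptions made for this example.

```python
# Illustrative channel-authorization checks (added example; not Open WebUI code).
# Names follow the advisory text; fields, store and the edit rule are assumptions.
from dataclasses import dataclass


@dataclass
class ChannelMember:
    channel_id: str
    user_id: str
    is_active: bool = True
    status: str = "joined"          # becomes "left" once the member leaves


@dataclass
class Message:
    id: str
    channel_id: str
    user_id: str                    # author of the message
    content: str


@dataclass
class User:
    id: str
    role: str = "user"              # "admin" or "user" (assumed role model)


class Forbidden(Exception):
    pass


class ChannelStore:
    def __init__(self) -> None:
        self.members: list[ChannelMember] = []
        self.messages: dict[str, Message] = {}

    # Flaw 1 (as described for CVE-2026-44561): existence check only, is_active ignored.
    def is_user_channel_member_vulnerable(self, channel_id: str, user_id: str) -> bool:
        return any(m.channel_id == channel_id and m.user_id == user_id
                   for m in self.members)

    # Hardened: a member who left (is_active=False) no longer passes.
    def is_user_channel_member(self, channel_id: str, user_id: str) -> bool:
        return any(m.channel_id == channel_id and m.user_id == user_id and m.is_active
                   for m in self.members)

    # Flaw 2 (as described for the IDOR): membership is the only check, so any
    # member can rewrite any other member's message in the channel.
    def update_message_by_id_vulnerable(self, user: User, message_id: str, content: str) -> Message:
        msg = self.messages[message_id]
        if not self.is_user_channel_member_vulnerable(msg.channel_id, user.id):
            raise Forbidden("not a channel member")
        msg.content = content
        return msg

    # Hardened: active membership AND ownership of the object (author) or admin role.
    def update_message_by_id(self, user: User, message_id: str, content: str) -> Message:
        msg = self.messages[message_id]
        if not self.is_user_channel_member(msg.channel_id, user.id):
            raise Forbidden("not an active channel member")
        if msg.user_id != user.id and user.role != "admin":
            raise Forbidden("only the author or an admin may edit this message")
        msg.content = content
        return msg


def demo() -> dict:
    """Constructed scenario: admin posts a message; alice is an active member; bob has left."""
    store = ChannelStore()
    store.members += [
        ChannelMember("c1", "admin"),
        ChannelMember("c1", "alice"),
        ChannelMember("c1", "bob", is_active=False, status="left"),
    ]
    store.messages["m1"] = Message("m1", "c1", "admin", "pinned rules")
    alice, bob, admin = User("alice"), User("bob"), User("admin", role="admin")
    out = {}
    # Vulnerable behaviour: alice rewrites the admin's message; bob still counts as a member.
    out["vuln_alice_edits_admin_msg"] = store.update_message_by_id_vulnerable(alice, "m1", "tampered").content
    out["vuln_left_member_is_member"] = store.is_user_channel_member_vulnerable("c1", bob.id)
    # Hardened behaviour: bob is out, alice is refused, the author can still edit.
    out["left_member_is_member"] = store.is_user_channel_member("c1", bob.id)
    try:
        store.update_message_by_id(alice, "m1", "tampered again")
        out["alice_edit_blocked"] = False
    except Forbidden:
        out["alice_edit_blocked"] = True
    out["admin_edit"] = store.update_message_by_id(admin, "m1", "pinned rules v2").content
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the hardened handler is that an IDOR check has to bind the caller to the object being written (here, the message's author), not merely to the container it lives in; channel membership alone answers a different question.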
EUVD (added 2026/05/11 6:31 p.m.)

EUVD-2026-29138

OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that should have been...

CVSS 5.4 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 4

Github Security Blog (added 2026/05/06 9:31 p.m.)

Duplicate Advisory: OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2gvc-4f3c-2855. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization...

CVSS 8.8 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 6 | Affected software: 1

CVE (added 2026/05/06 7:49 p.m.)

CVE-2026-44110

OpenClaw is affected by CVE-2026-44110, with vulnerability present in versions before 2026.4.15. The issue is an authorization bypass in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without be...

CVSS 8.8 | AI score 5.9 | EPSS 0.0005
Exploits: 0 | References: 4 | Affected software: 1

Cvelist (added 2026/05/06 7:49 p.m.)

CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8 | EPSS 0.0005
Exploits: 0 | References: 4

Vulnrichment (added 2026/05/06 7:49 p.m.)

CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

CVSS 8.8 | AI score 5.9 | EPSS 0.0005
Exploits: 0 | References: 4

CVE (added 2026/04/23 9:58 p.m.)

CVE-2026-41348

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group DM channel allowlist restrictions. Authorized Discord users can bypass channel restrictions by invoking slash commands, allowing access to restricted...

CVSS 5.4 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 3 | Affected software: 1

Positive Technologies (added 2026/04/20 12:00 a.m.)

PT-2026-33868

OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairi...

CVSS 6.9 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 4

NVD (added 2026/04/10 5:17 p.m.)

CVE-2026-35647

OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message...

CVSS 6.9 | EPSS 0.0004
Exploits: 0 | References: 3

ATTACKERKB (added 2026/04/10 4:03 p.m.)

CVE-2026-35661

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypas...

CVSS 6.9 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 4

CVE (added 2026/04/10 4:03 p.m.)

CVE-2026-35647

OpenClaw before 2026.3.25 contains an access control flaw: verification notices bypass DM policy checks and reply to unpaired peers due to insufficient access validation before transmission. This could allow sending verification notices to users outside allowed direct message policies. Root cause...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 3 | Affected software: 1

EUVD (added 2026/04/10 4:03 p.m.)

EUVD-2026-21440

OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 3

ATTACKERKB (added 2026/04/10 4:03 p.m.)

CVE-2026-35647

OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 4

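Several OpenClaw entries above share one shape: a second ingress path (Discord slash commands and autocomplete, Feishu card-action callbacks, Telegram callback queries) or a second trust source (the Matrix DM pairing store) reaches a privileged action without the DM-policy, allowFrom, group-allowlist or admin checks that the primary path applies. The following is an added illustration of the single-chokepoint pattern that closes that class of gap; it is not OpenClaw's code. The policy keys (dmPolicy, allowFrom, groupAllowlist, admins, dmOnly), the event shape and all sample sender and room names are assumptions made for this example.

```python
# Illustrative single-chokepoint command authorization for a multi-platform
# chat bot (added example; not OpenClaw code). Policy keys, event shape and
# sample names are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Conversation:
    id: str
    kind: str                       # "dm" or "group": a property of the conversation, never of the event


@dataclass(frozen=True)
class Event:
    ingress: str                    # "message" | "slash" | "autocomplete" | "callback" | "card_action"
    sender: str
    conversation: Conversation
    command: Optional[str] = None   # e.g. "admin:restart"


@dataclass(frozen=True)
class Policy:
    dm_policy: str                  # "open" | "allowlist" | "pairing"
    allow_from: frozenset           # allowFrom: senders always allowed to DM the bot
    group_allowlist: frozenset      # groups/rooms the bot may act in
    admins: frozenset               # senders allowed to run admin / room-control commands
    admin_dm_only: bool = True      # dmOnly: admin commands accepted only in DMs


class Denied(Exception):
    pass


def dm_allowed(policy: Policy, sender: str, paired: frozenset) -> bool:
    if policy.dm_policy == "open":
        return True
    if policy.dm_policy == "allowlist":
        return sender in policy.allow_from
    return sender in paired or sender in policy.allow_from      # "pairing"


def room_control_allowed_vulnerable(policy: Policy, sender: str, paired: frozenset) -> bool:
    # Matrix-style flaw from the advisory text: a DM pairing-store entry counts as authorization
    return sender in policy.admins or sender in paired


def authorize(event: Event, policy: Policy, paired: frozenset) -> str:
    """Every ingress path calls this; the ingress kind never changes the rules."""
    conv = event.conversation
    if conv.kind == "dm":
        if not dm_allowed(policy, event.sender, paired):
            raise Denied("dmPolicy")
    elif conv.kind == "group":
        if conv.id not in policy.group_allowlist:
            raise Denied("group not allowlisted")
    else:
        raise Denied("unknown conversation kind")
    if event.command and event.command.startswith("admin:"):
        if event.sender not in policy.admins:        # the pairing store is not consulted here
            raise Denied("not an admin")
        if policy.admin_dm_only and conv.kind != "dm":
            raise Denied("admin commands are DM-only")
        return "admin-command"
    return "ok"


def decide(event: Event, policy: Policy, paired: frozenset) -> str:
    try:
        return authorize(event, policy, paired)
    except Denied as err:
        return f"denied: {err}"


def demo() -> dict:
    """Constructed scenarios, one per advisory pattern listed above."""
    policy = Policy(dm_policy="pairing", allow_from=frozenset({"alice"}),
                    group_allowlist=frozenset({"ops-room"}), admins=frozenset({"admin"}))
    paired = frozenset({"mallory", "admin"})      # contents of the DM pairing store
    dm = lambda who: Conversation(f"dm-{who}", "dm")
    out = {}
    # Discord pattern: slash command from an allowed sender, but in a non-allowlisted group
    out["slash_in_unlisted_group"] = decide(
        Event("slash", "alice", Conversation("random", "group"), "help"), policy, paired)
    # Feishu pattern: card action in a DM from an unpaired sender; kind comes from the conversation
    out["card_action_unpaired_dm"] = decide(Event("card_action", "eve", dm("eve")), policy, paired)
    # Matrix pattern: paired (non-admin) sender issues a room-control command in a bot room
    room_cmd = Event("message", "mallory", Conversation("ops-room", "group"), "admin:kick")
    out["vuln_paired_room_control"] = room_control_allowed_vulnerable(policy, "mallory", paired)
    out["paired_room_control"] = decide(room_cmd, policy, paired)
    # QQBot pattern: a real admin, but issuing the command from a group instead of a DM
    out["admin_cmd_in_group"] = decide(
        Event("message", "admin", Conversation("ops-room", "group"), "admin:restart"), policy, paired)
    out["admin_cmd_in_dm"] = decide(Event("message", "admin", dm("admin"), "admin:restart"), policy, paired)
    # Telegram pattern: a callback query gets exactly the same DM rules as a plain message
    out["callback_allowfrom_dm"] = decide(Event("callback", "alice", dm("alice")), policy, paired)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design choices carry the weight here: the conversation's kind is stored on the conversation object rather than inferred from which handler fired, so a callback in a DM cannot be mistaken for group traffic, and the admin branch consults only the configured admin set, so a DM pairing entry, which only proves the peer completed pairing, never doubles as room-control authority.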