10 matches found
CVE-2026-43574
OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they...
CVE-2026-43574
CVE-2026-43574 involves OpenClaw before 2026.4.12, where an improper authorization flaw in helper-backed channels treats empty resolved approver lists as explicit approval. An attacker who knows an approval id can resolve pending approvals without proper authorization. The vulnerability impacts a...
EUVD-2026-27299
OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they...
CVE-2026-43574 OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists
OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they...
CVE-2026-43574 OpenClaw < 2026.4.12 - Improper Authorization via Empty Approver Lists
OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they...
CVE-2026-43574
OpenClaw before 2026.4.12 contains an improper authorization vulnerability in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. Attackers can resolve pending approvals without proper authorization by exploiting this logic flaw if they...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the approval authorization. An attacker can gain unauthorized approval rights by exploiting empty approver lists, allowing them to resolve pending approvals if th...
OpenClaw: Empty approver lists could grant explicit approval authorization
Summary Empty approver lists could grant explicit approval authorization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.12 Impact For helper-backed channels, an empty resolved approver list could be interpreted as explicit approval authorization,...
GHSA-49CG-279W-M73X OpenClaw: Empty approver lists could grant explicit approval authorization
Summary Empty approver lists could grant explicit approval authorization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.12 Impact For helper-backed channels, an empty resolved approver list could be interpreted as explicit approval authorization,...
PT-2026-37029
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.12 Description An improper authorization issue exists in helper-backed channels where empty resolved approver lists are interpreted as explicit approval authorization. This logic flaw allows attackers to resol...