Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.3 views

CVE-2026-32897

OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to...

6.3CVSS5.8AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2026/03/21 3:31 a.m.3 views

GHSA-8MR2-F9WF-HCFQ Duplicate Advisory: OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v6x2-2qvm-6gv8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscati...

3.7CVSS5.7AI score0.00262EPSS
Exploits0References5
OSV
OSV
added 2026/03/21 1:17 a.m.5 views

CVE-2026-32897

OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to...

3.7CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.25 views

CVE-2026-32897 OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback

OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to...

6.3CVSS0.00262EPSS
Exploits0References3
Rows per page
Query Builder