Lucene search
K

3 matches found

OSV
OSV
added 2026/03/27 10:37 p.m.9 views

GHSA-VCX4-4QXG-MFP4 OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret

Summary Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.3CVSS5.9AI score0.00287EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/27 10:30 p.m.11 views

OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers

Summary Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Scope Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Gateway-authenticated plugin...

8.8CVSS5.9AI score0.00298EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/27 10:29 p.m.2 views

GHSA-9HJH-FR4F-GXC4 OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin

Summary Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Backend-labeled...

9.3CVSS5.9AI score0.00276EPSS
Exploits0References3
Rows per page
Query Builder