Lucene search
K

3 matches found

OSV
OSV
added 2026/04/07 6:11 p.m.4 views

GHSA-3Q42-XMXV-9VFR OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send

Summary Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Talk Voice config persistence bug, but it is the same narrow...

6.9CVSS5.8AI score0.00243EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/31 11:54 p.m.12 views

OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades

Summary The gateway accepted unbounded concurrent unauthenticated WebSocket upgrades before allocating them to an authenticated session budget. Impact An unauthenticated network attacker could consume socket and worker capacity and disrupt WebSocket availability for legitimate clients. Affected...

8.7CVSS5.9AI score0.00318EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/31 11:52 p.m.6 views

OpenClaw's device removal and token revocation do not terminate active WebSocket sessions

Summary Removing a device or revoking its token updated stored credentials but did not disconnect already-authenticated WebSocket sessions. Impact A revoked device could continue using its existing live session until reconnect, extending access beyond credential removal. Affected Component...

8.6CVSS5.9AI score0.00332EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder