4 matches found
GHSA-MPC8-JXJH-QPGH OpenClaw: Focus command could miss controlScope enforcement
Summary Focus command could miss controlScope enforcement. In affected versions, a caller able to trigger the focus command could run the command without enforcing the expected control scope. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...
CVE-2026-53850
OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated callers to execute the command without proper authorization checks. Attackers can trigger the focus command to change focus state outside intended caller authority,...
CVE-2026-53850
OpenClaw is affected by CVE-2026-53850, a control scope enforcement bypass in the focus command present in versions prior to 2026.4.25. The vulnerability allows authenticated callers to bypass authorization checks and change focus state outside their intended authority, potentially enabling unaut...
PT-2026-49767
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A control scope enforcement bypass exists in the focus command. This allows authenticated callers to execute the command without proper authorization checks, enabling them to change the focus...