6 matches found
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14837)
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system incorrectly treating DM pairing-store identities as group allowlist identities when dmPolicy is set to pairing and groupPolicy is set to...
CVE-2026-32027
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM pairing to satisfy...
CVE-2026-32006
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...
CVE-2026-32006
CVE-2026-32006 affects OpenClaw versions prior to 2026.2.26. The issue is an authorization bypass where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. This allows remote attackers to send messages and reactions as...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the group allowlist authorization. An attacker can gain unauthorized group sender access by leveraging DM pairing-store entries to satisfy group allowlist check...
PT-2019-15927 · Dovecot +1
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.9.2. Description: The issue allows an attacker to crash a push-notification driver with a crafted email when push notifications are used, due to a NULL Pointer Dereference. This can be achieved by using a group...