3 matches found
OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14837)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system incorrectly treating DM paired stored identities as group allowlist identities when dmPolicy is set to pairing and groupPolicy is set to...
CVE-2026-32006
OpenClaw CVE-2026-32006 affects openclaw versions prior to 2026.2.26. The root cause is an authorization bypass where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. This allows a remote attacker to send messages a...
CVE-2026-32006
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...