Lucene search
+L

4 matches found

nvd
nvd
added 2026/03/05 10:16 p.m.9 views

CVE-2026-28471

OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...

6.3CVSS0.00231EPSS
Exploits0References3
euvd
euvd
added 2026/03/05 9:59 p.m.8 views

EUVD-2026-9917

OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
osv
osv
added 2026/03/05 9:59 p.m.9 views

CVE-2026-28471 OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin

OpenClaw version 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...

6.3CVSS6AI score0.00231EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/02/17 12:0 a.m.11 views

PT-2026-23546

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.1.14-1 through 2026.2.1 Description The software contains a flaw where direct message DM allowlist matching can be circumvented by precisely matching sender display names and localparts without homeserver verification...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References8
Rows per page
Query Builder