CVE-2026-26328 OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue...

CVE-2026-26328

The GHSA entry describes a vulnerability in the OpenClaw/iMessage workflow where group authorization could be satisfied by identities from the DM pairing store, effectively bridging DM pairing trust into group allowlists. Affected packages/versions: openclaw (npm) <= 2026.2.13 and clawdbot (npm)

GHSA-G34W-4XQQ-H79M OpenClaw iMessage group allowlist authorization inherited DM pairing-store identities

Summary Under iMessage groupPolicy=allowlist, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Details Affected component: src/imessage/monitor/monitor-provider.ts. Vulnerable logic derived effectiveGroupAllowFr...

EUVD-2021-7235

Malicious code in bioql PyPI...

CVE-2021-1771

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group...

CVE-2021-1771

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group...

Design/Logic Flaw

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group...

CVE-2021-1771

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group...

Apple macOS Security Breach

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS due to an incorrect access restriction within the Messages component of macOS. A remote user who is removed from an iMessage group can rejoin the group. The...

CVE-2020-9885

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group...