10 matches found
CVE-2026-32005
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
OpenClaw has an unspecified vulnerability (CNVD-2026-14838)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a failure to enforce sender authorization checks on interactive callbacks in shared workspace deployments, which can be exploited by an attacker to cause...
CVE-2026-32005
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
CVE-2026-32005
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
CVE-2026-32005
OpenClaw CVE-2026-32005 affects versions before 2026.2.25. The root cause is a failure to enforce sender authorization checks for interactive callbacks (block_action, view_submission, view_closed) in shared workspace deployments, allowing unauthorized workspace members to bypass allowFrom restric...
CVE-2026-32005 OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
CVE-2026-32005
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
EUVD-2026-13261
OpenClaw versions prior to 2026.2.25 fail to enforce sender authorization checks for interactive callbacks including blockaction, viewsubmission, and viewclosed in shared workspace deployments. Unauthorized workspace members can bypass allowFrom restrictions and channel user allowlists to enqueue...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the processing of Slack interactive callbacks, specifically blockaction, viewsubmission, and viewclosed. An attacker can inject unauthorized system-event text...