Lucene search
K

10 matches found

EUVD
EUVD
added 3 hours ago9 views

EUVD-2026-36321

OpenClaw: Message read actions could skip channel allowlist checks...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 6:5 p.m.13 views

CVE-2026-53851

CVE-2026-53851 affects OpenClaw prior to version 2026.5.12. A notification bypass allows Slack reaction events to be processed by the agent pipeline even when reaction notifications are disabled. An attacker can trigger unintended agent processing by sending reaction events while the feature is e...

6.3CVSS5.3AI score0.00191EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-49768

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description A notification bypass allows Slack reaction events to enter the agent pipeline even when reaction notifications are disabled. This can trigger unintended agent processing for reaction events,...

6.3CVSS5.2AI score0.00191EPSS
Exploits0References5
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-53815

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:8 p.m.31 views

CVE-2026-53815 OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:8 p.m.20 views

CVE-2026-53815

OpenClaw is affected by an authorization bypass in the message read actions present before 2026.5.19. The root cause is insufficient validation that should enforce channel allowlists, allowing lower-trust callers to request messages from channels not intended for them and exposing potentially sen...

7.1CVSS5.5AI score0.00215EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.19 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass issues during message reading operations, resulting in bypassing channel permissio...

7.1CVSS5.3AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.11 views

PT-2026-48745

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS5.5AI score0.00215EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/09 2:22 p.m.8 views

OpenClaw: Lower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade

Impact Lower-trust background runtime output is injected into trusted System: events, and local async exec completion misses the intended exec-event downgrade. Lower-trust runtime/background output could be promoted into trusted System events, allowing prompt-injection into later agent turns...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/09 2:22 p.m.3 views

GHSA-GFMX-PPH7-G46X OpenClaw: Lower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade

Impact Lower-trust background runtime output is injected into trusted System: events, and local async exec completion misses the intended exec-event downgrade. Lower-trust runtime/background output could be promoted into trusted System events, allowing prompt-injection into later agent turns...

7.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder