Lucene search
+L

6 matches found

EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-45107

OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or...

7.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43566

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-62200

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS6.2AI score0.00295EPSS
Exploits0References3
CVE
CVE
added 4 days ago14 views

CVE-2026-62200

OpenClaw

8.8CVSS6.2AI score0.00295EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-62188

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS6.1AI score0.00213EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 3:40 p.m.3 views

GHSA-Q7Q8-3MGW-Q67R OpenClaw: Message read actions could skip channel allowlist checks

Summary Message read actions could skip channel allowlist checks. In affected versions, a lower-trust caller with access to the affected message read action could request messages without the same channel allowlist check used by normal delivery. This advisory is scoped to the named feature and...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References4
Rows per page
Query Builder