Duplicate Advisory: OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2gvc-4f3c-2855. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization...
CVE-2026-44110
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...
CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store
OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...
OpenClaw Security Vulnerability
OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from the Matrix room control commands, which allowed unauthorized access to DM pairing storage entries,...
EUVD-2024-3300
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-43433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users. CVE-2024-43433 Note that...
BIT-MOODLE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
CVE-2024-43433
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
UBUNTU-CVE-2024-43433
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
Improper Authentication
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to the incorrect application and revocation of matrix room membership and power levels for suspended users. Remediation: Upgrade moodle/moodle to version 4.4.2, 4.3.6 or...
Moodle Security Vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the incorrect application and revocation of Matrix room membership...
Moodle 4.3.x < 4.3.6, 4.4.x < 4.4.2 Improper Access Control Vulnerability (MSA-24-0034)
Moodle is prone to an improper access control vulnerability. CPE = "cpe:/a:moodle:moodle";...
CVE-2024-32000 Truncated content of messages can be leaked from matrix-appservice-irc
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack,...
PT-2024-24351 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 2.0.0 Description: The issue allows a malicious user to leak the truncated body of a message if they send a Matrix reply to an event ID they don't have access to. The malicious user needs to know the...
Element Android Security Vulnerability
Element Android is the Android Matrix client provided by Element. A security vulnerability exists in Element Android versions 0.91.0 through 1.6.12, which originates from a vulnerability that allows an attacker to share files stored in the application's private data directory to an arbitrary Matr...