Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32035

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in...

5.9CVSS5.8AI score0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/19 10:7 p.m.5 views

EUVD-2026-13318

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in...

5.9CVSS5.8AI score0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/19 10:7 p.m.3 views

CVE-2026-32035 OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in...

5.9CVSS5.8AI score0.00139EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 9:32 p.m.9 views

OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels

Summary In [email protected], the Discord voice transcript path called agentCommand... without senderIsOwner, and agentCommand defaults missing senderIsOwner to true. This could allow a non-owner voice participant in the same channel to reach owner-only tool surfaces gateway, cron during voice...

7.1CVSS5.9AI score0.00139EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/03 9:32 p.m.3 views

GHSA-WPG9-4G4V-F9RC OpenClaw: Discord voice transcript owner-flag omission could expose owner-only tools in mixed-trust channels

Summary In [email protected], the Discord voice transcript path called agentCommand... without senderIsOwner, and agentCommand defaults missing senderIsOwner to true. This could allow a non-owner voice participant in the same channel to reach owner-only tool surfaces gateway, cron during voice...

5.9CVSS5.9AI score0.00139EPSS
Exploits0References4
Rows per page
Query Builder