Lucene search
K

10 matches found

EUVD
EUVD
added 2026/04/24 12:31 a.m.7 views

EUVD-2026-25324

OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exploit this trust propagation to bypass authentication controls and gain unauthorized access to name...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 10:16 p.m.5 views

CVE-2026-41340

OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exploit this trust propagation to bypass authentication controls and gain unauthorized access to name...

6.5CVSS0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/23 9:57 p.m.3 views

CVE-2026-41340 OpenClaw < 2026.3.31 - Authentication Boundary Bypass via Telegram Legacy allowFrom Migration

OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exploit this trust propagation to bypass authentication controls and gain unauthorized access to name...

6.5CVSS5.3AI score0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 9:57 p.m.34 views

CVE-2026-41340 OpenClaw < 2026.3.31 - Authentication Boundary Bypass via Telegram Legacy allowFrom Migration

OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exploit this trust propagation to bypass authentication controls and gain unauthorized access to name...

6.5CVSS0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 9:57 p.m.23 views

CVE-2026-41340

OpenClaw is affected; versions before 2026.3.31 expose an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly propagates default-account trust to all named accounts, allowing attackers to bypass authentication and gain unauthorized access to named accounts....

6.5CVSS5.8AI score0.00278EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:57 p.m.2 views

CVE-2026-41340

OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exploit this trust propagation to bypass authentication controls and gain unauthorized access to name...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.14 views

PT-2026-34771

OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exploit this trust propagation to bypass authentication controls and gain unauthorized access to name...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/03 3:20 a.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to improper migration of allowFrom trust settings from the default account to all named accounts during the Telegram legacy...

6.5CVSS5.9AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 3:20 a.m.7 views

GHSA-F693-58PC-2GFR OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts

Summary Telegram legacy allowFrom migration fans default-account trust into all named accounts Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 Telegram migration fans legacy default-account allowFrom trust into named accounts, which is an...

6.3CVSS5.8AI score0.00278EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/03 3:20 a.m.5 views

OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts

Summary Telegram legacy allowFrom migration fans default-account trust into all named accounts Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 Telegram migration fans legacy default-account allowFrom trust into named accounts, which is an...

5.9AI score
Exploits0References4Affected Software1
Rows per page
Query Builder