Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/03/21 3:31 a.m.5 views

GHSA-G839-VP47-WGH8 Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rm2p-j3r7-4x4j. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message...

5.3CVSS5.7AI score0.00204EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/21 12:42 a.m.5 views

EUVD-2026-13978

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
CVE
CVE
added 2026/03/21 12:42 a.m.15 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 are affected by a sender-policy bypass in Slack reaction and pin event handlers. The root cause is inconsistent application of sender-policy checks to reaction_* and pin_* non-message events before they are added to system-event context, allowing attackers to ...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.3 views

PT-2026-26748

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References5
OSV
OSV
added 2026/03/03 7:50 p.m.2 views

GHSA-RM2P-J3R7-4X4J OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress

Summary OpenClaw Slack monitor handled reaction and pin non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them. Affected Packages / Versions - Package: np...

5.3CVSS5.9AI score0.00204EPSS
Exploits0References6
Rows per page
Query Builder