Lucene search
K

4 matches found

NVD
NVD
added 2026/05/05 12:16 p.m.10 views

CVE-2026-42438

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.11 views

CVE-2026-42438

OpenClaw version 2026.4.9 and older is affected by a sender policy bypass in the outbound host-media attachment read helper, enabling unauthorized local file disclosure when an attacker has denied read access via toolsBySender or group policy. The bypass can circumvent sender and group-scoped aut...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/05 11:24 a.m.6 views

EUVD-2026-27259

OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/17 10:17 p.m.5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the host-media attachment read helper. An attacker can access unauthorized local files by bypassing sender or group-scoped policy restrictions through the...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References2
Rows per page
Query Builder