Lucene search
K

4 matches found

OSV
OSV
added 2026/06/18 8:44 p.m.5 views

GHSA-4HPG-MP64-X7XQ OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state

Summary Internal/webchat command auth could inherit ownerAllowFrom wildcard state. In affected versions, a sender on an affected internal or webchat path could inherit wildcard ownerAllowFrom state across channel boundaries. This advisory is scoped to the named feature and configuration. It does...

6CVSS5.7AI score0.00245EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:17 p.m.12 views

CVE-2026-53854

OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. Attackers can exploit this by sending commands on affected internal or webchat paths to...

6.5CVSS0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:5 p.m.27 views

CVE-2026-53854

OpenClaw is affected by a privilege escalation in versions before 2026.4.25. The issue arises from wildcard inheritance of ownerAllowFrom state across channel boundaries in internal and webchat command authentication, allowing a sender to execute owner-like commands outside the intended channel s...

6.5CVSS5.6AI score0.00245EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/29 9:27 p.m.5 views

GHSA-C28G-VH7M-FM7V OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners

Impact OpenClaw deployments before 2026.4.21 could treat a non-owner sender as authorized for owner-enforced slash commands when all of the following were true: - a channel plugin declared commands.enforceOwnerForCommands: true; - the channel accepted wildcard inbound senders with allowFrom: ""; ...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References6
Rows per page
Query Builder