10 matches found
EUVD-2025-210215
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-32904
Rejected reason: This CVE ID has been rejected...
CVE-2026-32904
...
Duplicate Advisory: OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vjp8-wprm-2jw9. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access contr...
CVE-2026-32067
OpenClaw contains an authorization bypass in the direct-message pairing policy. Specifically, versions prior to 2026.2.26 allow reuse of pairing approvals across multiple accounts due to an unscoped/weak pairing-store access-control check, enabling a sender approved in one account to be automatic...
CVE-2026-32067
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...
OpenClaw Security Vulnerability
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to cause reuse of pairing approvals across multiple accounts...
CVE-2026-31991
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...
EUVD-2026-13021
OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...
Incorrect Authorization
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the group allowlist authorization. An attacker can gain unauthorized access to group communications by leveraging DM pairing-store approvals to bypass explicit...