Lucene search
K

12 matches found

OSV
OSV
added 2026/05/08 2:16 p.m.10 views

UBUNTU-CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS5.7AI score0.00252EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-38985

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth Security Manager Protocol SMP where the smp cmd pairing req function builds a pairing response based on the initiator's authentication requirements befor...

8.8CVSS5.8AI score0.00252EPSS
Exploits0
EUVD
EUVD
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21112

OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of service through...

6.9CVSS5.9AI score0.00454EPSS
Exploits0References5
CNVD
CNVD
added 2026/03/24 12:0 a.m.3 views

OpenClaw Authorization Bypass Vulnerability (CNVD-2026-14837)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system incorrectly treating DM paired stored identities as group allowlist identities when dmPolicy is set to pairing and groupPolicy is set to...

4.3CVSS5.9AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2026/03/19 10:16 p.m.5 views

CVE-2026-32006

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...

3.1CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.28 views

CVE-2026-32006 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. Remote attackers can send messages and reactions as DM-paired identities...

3.1CVSS0.00295EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 10:6 p.m.17 views

CVE-2026-32006

OpenClaw CVE-2026-32006 affects openclaw versions prior to 2026.2.26. The root cause is an authorization bypass where DM pairing-store identities are incorrectly treated as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. This allows a remote attacker to send messages a...

4.3CVSS5.8AI score0.00295EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authorization bypass vulnerability that stems from the system incorrectly treating DM paired stored identities as group allowlist identities when dmPolicy is set to pairing and groupPolicy is set to...

4.3CVSS5.8AI score0.00295EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/04 7:44 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the isAllowedParsedChatSender process. An attacker can gain unauthorized access to direct messaging or reaction features by sending messages from an untrusted...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.4 views

PT-2026-26004

Summary BlueBubbles is an optional OpenClaw channel plugin. A configuration-sensitive access-control mismatch allowed DM senders to be treated as authorized when dmPolicy was pairing or allowlist and allowFrom was empty/unset. Severity Rationale Medium Severity is set to medium because: - this...

6.3CVSS5.7AI score0.00255EPSS
Exploits0References12
Snyk
Snyk
added 2026/03/03 10:54 p.m.3 views

Incorrect Authorization

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Incorrect Authorization in the group authorization process when groupPolicy=allowlist and dmPolicy=pairing are configured and pairing-store entries are present. An attacker can gain...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 10:54 p.m.9 views

OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallback

Summary In [email protected], BlueBubbles group authorization could incorrectly treat DM pairing-store identities as group allowlist identities when dmPolicy=pairing and groupPolicy=allowlist. A sender that was only DM-paired not explicitly present in groupAllowFrom could pass group sender check...

4.3CVSS5.9AI score0.00295EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder