CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

RedhatCVE•added 2026/05/07 8:21 p.m.•3 views

CVE-2026-44110

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms,...

8.8CVSS5.9AI score0.0005EPSS

Exploits0References1

Github Security Blog•added 2026/05/06 9:31 p.m.•4 views

Duplicate Advisory: OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2gvc-4f3c-2855. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization...

8.8CVSS5.8AI score0.0005EPSS

Exploits0References6Affected Software1

EUVD•added 2026/05/06 9:31 p.m.•2 views

EUVD-2026-28186

8.8CVSS5.9AI score0.0005EPSS

Exploits0References5

Vulnrichment•added 2026/05/06 7:49 p.m.•4 views

CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

8.8CVSS5.9AI score0.0005EPSS

Exploits0References4

ATTACKERKB•added 2026/05/06 7:49 p.m.•2 views

CVE-2026-44110

8.8CVSS5.9AI score0.0005EPSS

Exploits0References5

Positive Technologies•added 2026/05/06 12:0 a.m.•7 views

PT-2026-38243

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An authorization bypass exists in Matrix room control-command authorization due to improper trust in DM pairing-store entries. Attackers possessing DM-paired sender IDs can execute room control...

8.8CVSS5.9AI score0.0005EPSS

Exploits0References7

Github Security Blog•added 2026/04/17 10:32 p.m.•5 views

OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries

Summary Matrix room control-command authorization used the effective allowlist for room traffic, which included sender IDs learned from the Matrix DM pairing store. A sender who was allowed only for a Matrix DM could therefore authorize room control commands when they also posted in a bot room...

8.8CVSS5.6AI score0.0005EPSS

Exploits0References8Affected Software1

EUVD•added 2026/04/09 12:32 a.m.•2 views

EUVD-2026-20756

OpenClaw has Signal group allowlist authorization bypass via DM pairing-store leakage...

9.8CVSS5.9AI score0.00092EPSS

Exploits0References30

RedhatCVE•added 2026/03/26 3:17 p.m.•1 views

CVE-2026-32067

OpenClaw versions prior to 2026.2.26 contains an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

8.1CVSS5.8AI score0.0004EPSS

Exploits0References1

CVE•added 2026/03/23 9:36 p.m.•3 views

CVE-2026-32904

OpenClaw is affected by an authorization bypass vulnerability (CVE-2026-32904) present in versions before 2026.2.26. The issue occurs in group allowlist policy evaluation, which incorrectly accepts sender identities from DM pairing-store approvals, allowing an attacker to bypass group allowlist c...

5.8AI score

Exploits0

EUVD•added 2026/03/21 3:31 a.m.•0 views

EUVD-2026-13968

3.7CVSS5.8AI score0.0004EPSS

Exploits0References5

NVD•added 2026/03/21 1:17 a.m.•2 views

CVE-2026-32067

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability in the pairing-store access control for direct message pairing policy that allows attackers to reuse pairing approvals across multiple accounts. An attacker approved as a sender in one account can be automatically...

8.1CVSS0.0004EPSS

Exploits0References4

OSV•added 2026/03/21 1:17 a.m.•1 views

CVE-2026-32067

3.7CVSS5.9AI score

Exploits0References4

ATTACKERKB•added 2026/03/21 12:42 a.m.•2 views

CVE-2026-32067

8.1CVSS5.8AI score0.0004EPSS

Exploits0References5

CVE•added 2026/03/21 12:42 a.m.•4 views

CVE-2026-32067

OpenClaw contains an authorization bypass in the direct-message pairing policy. Specifically, versions prior to 2026.2.26 allow reuse of pairing approvals across multiple accounts due to an unscoped/weak pairing-store access-control check, enabling a sender approved in one account to be automatic...

8.1CVSS5.8AI score0.0004EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/03/21 12:42 a.m.•35 views

CVE-2026-32067 OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store

3.7CVSS0.0004EPSS

Exploits0References4

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26743

3.7CVSS5.8AI score0.0004EPSS

Exploits0References5

OSV•added 2026/03/19 2:16 a.m.•1 views

CVE-2026-31991

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist...

4.6CVSS5.9AI score

Exploits0References4

Cvelist•added 2026/03/19 1:0 a.m.•18 views

CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

3.7CVSS0.00044EPSS

Exploits0References4

Vulnrichment•added 2026/03/19 1:0 a.m.•0 views

CVE-2026-31991 OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

3.7CVSS5.8AI score0.00044EPSS

Exploits0References4

Rows per page