5 matches found
CVE-2026-41375
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...
CVE-2026-41375
OpenClaw (npm package) is affected by an authorization bypass in the /phone arm and /phone disarm endpoints due to improper enforcement of operator.admin scope checks for external channels. This allows attackers to arm or disarm phone channels without proper administrative privileges. The issue h...
CVE-2026-41375 OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the /phone arm and /phone disarm endpoints, which failed to...
Improper Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization via the /phone arm and /phone disarm commands bypassing the operator.admin scope check for external channels. An attacker can perform unauthorized actions by sendin...