5 matches found

NVD
added 2026/04/28 7:37 p.m., 5 views

CVE-2026-41375

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

CVSS 7.1, EPSS 0.00331
Exploits: 0, References: 3
CVE
added 2026/04/28 6:9 p.m., 10 views

CVE-2026-41375

OpenClaw (npm package) is affected by an authorization bypass in the /phone arm and /phone disarm endpoints due to improper enforcement of operator.admin scope checks for external channels. This allows attackers to arm or disarm phone channels without proper administrative privileges. The issue h...

CVSS 7.1, AI score 5.3, EPSS 0.00331
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/04/28 6:9 p.m., 3 views

CVE-2026-41375 OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

CVSS 7.1, AI score 5.3, EPSS 0.00331
Exploits: 0, References: 3
CNNVD
added 2026/04/28 12:0 a.m., 9 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the /phone arm and /phone disarm endpoints, which failed to...

CVSS 7.1, AI score 5.9, EPSS 0.00331
Exploits: 0, References: 1
Snyk
added 2026/04/07 6:10 p.m., 2 views

Improper Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Authorization via the /phone arm and /phone disarm commands bypassing the operator.admin scope check for external channels. An attacker can perform unauthorized actions by sendin...

CVSS 7.1, AI score 5.9, EPSS 0.00331
Exploits: 0, References: 2