13 matches found

RedhatCVE
added 2026/03/26 3:11 p.m. | 4 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 1

Github Security Blog
added 2026/03/21 3:31 a.m. | 6 views

Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rm2p-j3r7-4x4j. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message...

CVSS 5.3 | AI score 5.7 | EPSS 0.00204
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/03/21 3:31 a.m. | 4 views

GHSA-G839-VP47-WGH8 Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rm2p-j3r7-4x4j. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message...

CVSS 5.3 | AI score 5.7 | EPSS 0.00204
Exploits: 0 | References: 5

NVD
added 2026/03/21 1:17 a.m. | 4 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 5.3 | EPSS 0.00204
Exploits: 0 | References: 4

OSV
added 2026/03/21 1:17 a.m. | 2 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/21 12:42 a.m. | 3 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 5

Vulnrichment
added 2026/03/21 12:42 a.m. | 4 views

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 4

EUVD
added 2026/03/21 12:42 a.m. | 4 views

EUVD-2026-13978

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 4

Cvelist
added 2026/03/21 12:42 a.m. | 22 views

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 5.3 | EPSS 0.00204
Exploits: 0 | References: 4

CVE
added 2026/03/21 12:42 a.m. | 15 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 are affected by a sender-policy bypass in Slack reaction and pin event handlers. The root cause is inconsistent application of sender-policy checks to reaction_* and pin_* non-message events before they are added to system-event context, allowing attackers to ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/03/21 12:0 a.m. | 6 views

OpenClaw Security Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from not consistently applying sender policy checks to reaction and pin non-message events, which can be exploited by an attacker to cause the injection of...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/21 12:0 a.m. | 2 views

PT-2026-26748

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

CVSS 5.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/03 7:50 p.m. | 6 views

OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress

Summary: OpenClaw Slack monitor handled reaction and pin non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them. Affected Packages / Versions: - Package: np...

CVSS 5.3 | AI score 5.9 | EPSS 0.00204
Exploits: 0 | References: 6 | Affected Software: 1