4 matches found
OpenClaw Metadata Spoofing Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a metadata forgery vulnerability that stems from client-submitted reconnect platform and device family fields not being bound to a device authentication signature. An attacker could use this...
CVE-2026-32014
OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulnerability where reconnect platform and deviceFamily fields are accepted from the client without being bound into the device-auth signature. An attacker with a paired node identity on the trusted network can spoof reconnect...
GHSA-R65X-2HQR-J5HF OpenClaw: Node reconnect metadata spoofing could bypass platform-based node command policy
Summary A paired node device could reconnect with spoofed platform/deviceFamily metadata and broaden node command policy eligibility because reconnect metadata was accepted from the client while these fields were not bound into the device-auth signature. Affected Packages / Versions - Package:...
Recent App Issues Reveal Facebook’s Struggles to Temper Data Privacy Woes
Facebook was hit with a double privacy punch regarding data privacy on Wednesday. First, Facebook acknowledged in a public post that one of the apps on its platform, myPersonality, inappropriately shared 4 million users’ data with researchers. Also on Wednesday, The Wall Street Journal reported...