2 matches found
CVE-2026-41394 OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth Routes
OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime actions intended for authorized operators...
PT-2026-35778
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An authentication bypass exists where unauthenticated 'plugin-auth' HTTP routes are granted operator runtime write scopes. This allows unauthorized users to access these routes and perform...