Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 10:7 p.m.2 views

CVE-2026-32028 OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress

OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allowFrom authorization checks on Discord direct-message reaction notifications, allowing non-allowlisted users to enqueue reaction-derived system events. Attackers can exploit this inconsistency by reacting to bot-authored DM...

6.3CVSS5.8AI score0.00198EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/13 6:58 p.m.14 views

OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists

Summary In affected versions of openclaw, Discord reaction ingestion for guild channels did not enforce the same member users and roles allowlist checks used for normal inbound guild messages. A non-allowlisted guild member could still trigger reaction events that were accepted and queued as...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/13 6:58 p.m.3 views

GHSA-9VVH-2768-C8VP OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists

Summary In affected versions of openclaw, Discord reaction ingestion for guild channels did not enforce the same member users and roles allowlist checks used for normal inbound guild messages. A non-allowlisted guild member could still trigger reaction events that were accepted and queued as...

5.4CVSS5.8AI score0.00151EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 9:25 p.m.9 views

OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups

Summary In OpenClaw = 2026.2.25 Fix Commits - aedf62ac7e669a89c7b299201bf6537dc6b12e0e Release Process Note patchedversions is pre-set to the release 2026.2.25 so after npm release the advisory is published. Thanks @tdjackey for reporting...

6.3CVSS6AI score0.00198EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 9:25 p.m.5 views

GHSA-354R-7MFH-7RH2 OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups

Summary In OpenClaw = 2026.2.25 Fix Commits - aedf62ac7e669a89c7b299201bf6537dc6b12e0e Release Process Note patchedversions is pre-set to the release 2026.2.25 so after npm release the advisory is published. Thanks @tdjackey for reporting...

5.3CVSS6AI score0.00198EPSS
Exploits0References5
Rows per page
Query Builder