Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.4 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/03/21 1:17 a.m.5 views

CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS0.00204EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/21 12:42 a.m.5 views

CVE-2026-32899 OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/21 12:42 a.m.5 views

EUVD-2026-13978

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.3 views

PT-2026-26748

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References5
Rows per page
Query Builder