Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/11 4:46 p.m.38 views

CVE-2026-45002 OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping

OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls...

6.3CVSS0.00279EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 4:46 p.m.18 views

CVE-2026-45002

OpenClaw prior to 2026.4.20 contains a hook session-key bypass vulnerability that lets an attacker bypass the hooks.allowRequestSessionKey opt-in restriction. By using templated hook mappings, externally influenced session keys can be rendered to bypass webhook routing isolation controls. The ava...

6.3CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 11:45 p.m.10 views

OpenClaw: Hook mapping templates could bypass hook session-key opt-in

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Templated hook mapping sessionKey values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when...

6.3CVSS5.5AI score0.00279EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/25 11:45 p.m.25 views

GHSA-2XCP-X87W-Q377 OpenClaw: Hook mapping templates could bypass hook session-key opt-in

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Templated hook mapping sessionKey values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when...

6.9CVSS5.9AI score0.00279EPSS
Exploits0References5
Rows per page
Query Builder