3 matches found
GHSA-G839-VP47-WGH8 Duplicate Advisory: OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rm2p-j3r7-4x4j. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from not consistently applying sender policy checks to reaction and pin non-message events, which can be exploited by an attacker to cause the injection of...
PT-2026-26748
OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction and pin non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from...