3 matches found
Origin Validation Error
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error in the sessionslist, sessionshistory, and sessionssend tools. An attacker can access sensitive transcript content from peer sessions by exploiting insufficient...
Origin Validation Error
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error via the sessionssend sourceTool. An attacker can cause privileged actions to be performed by injecting crafted inter-session prompts that are misinterpreted as...
GHSA-W5C7-9QQW-6645 OpenClaw inter-session prompts could be treated as direct user instructions
Summary Inter-session messages sent via sessionssend could be interpreted as direct end-user instructions because they were persisted as role: "user" without provenance metadata. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.13 Impact A delegated or internal...