
7 matches found

EUVD
added 2026/03/29 3:30 p.m. | 0 views

EUVD-2026-17014

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages...

CVSS 9.8 | AI score 5.9 | EPSS 0.00085
Exploits: 0 | References: 3

NVD
added 2026/03/29 1:17 p.m. | 2 views

CVE-2026-32975

OpenClaw before 2026.3.12 contains a weak authorization vulnerability in Zalouser allowlist mode that matches mutable group display names instead of stable group identifiers. Attackers can create groups with identical names to allowlisted groups to bypass channel authorization and route messages...

CVSS 9.8 | EPSS 0.00085
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/13 8:54 p.m. | 7 views

OpenClaw's Zalouser allowlist authorization matched mutable group names by default

Summary: OpenClaw's Zalouser allowlist mode accepted mutable group names and normalized slugs as authorization matches instead of requiring stable group IDs. In deployments that used name-based `channels.zalouser.groups` entries together with permissive sender allowlists, a different group could be...

AI score 5.8
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-18375

Malware in sbrugna...

CVSS 8.8 | AI score 7.4 | EPSS 0.00366
Exploits: 0 | References: 10

OSV
added 2022/03/16 3:15 p.m. | 1 views

ALPINE-CVE-2020-25721

Kerberos acceptors need easy access to stable AD identifiers, e.g. objectSid. Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID and samAccountName in issued tickets...

CVSS 8.8 | AI score 6.9 | EPSS 0.00366
Exploits: 0 | References: 1

OSV
added 2022/03/16 3:15 p.m. | 1 views

DEBIAN-CVE-2020-25721

Kerberos acceptors need easy access to stable AD identifiers, e.g. objectSid. Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID and samAccountName in issued tickets...

CVSS 8.8 | AI score 7.1 | EPSS 0.00366
Exploits: 0 | References: 1

Samba
added 2021/11/09 12:0 a.m. | 42 views

Kerberos acceptors need easy access to stable

Description: In order to avoid issues like CVE-2020-25717, AD Kerberos accepting services need access to unique, and ideally long-term stable identifiers of a user to perform authorization. The AD PAC provides this, but the most useful information is kept in a buffer which is NDR encoded, which mea...

CVSS 8.8 | EPSS 0.00517
Exploits: 0