Lucene search
K

6 matches found

OSV
OSV
added 6 days ago4 views

GHSA-275C-XPVC-JGFW OpenClaw: Slack and Zalo webhook secrets could remain active after secrets.reload

Summary Slack and Zalo webhook secrets could remain active after secrets.reload. In affected versions, a caller with an old webhook secret during the stale-secret window could keep accepting the previous secret after secrets.reload. This advisory is scoped to the named feature and configuration. ...

6.3CVSS6AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.13 views

EUVD-2026-36618

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS5.2AI score0.00207EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 10:16 p.m.15 views

CVE-2026-53830

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.8 views

CVE-2026-53830 OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS5.3AI score0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-49034

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description A webhook secret revocation bypass allows callers using outdated Slack and Zalo webhook secrets to remain active after the secrets.reload function is executed. This creates a stale-secret window...

6.5CVSS5.2AI score0.00207EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/05 6:42 p.m.11 views

Insufficient Session Expiration

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Session Expiration in the webhook authentication process. An attacker can continue to access protected webhook routes using a previously valid secret even after the secret ha...

7CVSS5.8AI score0.00288EPSS
Exploits0References2
Rows per page
Query Builder