Lucene search
+L

5 matches found

osv
osv
added 2026/07/02 5:11 p.m.7 views

GHSA-275C-XPVC-JGFW OpenClaw: Slack and Zalo webhook secrets could remain active after secrets.reload

Summary Slack and Zalo webhook secrets could remain active after secrets.reload. In affected versions, a caller with an old webhook secret during the stale-secret window could keep accepting the previous secret after secrets.reload. This advisory is scoped to the named feature and configuration. ...

6.3CVSS6AI score0.00207EPSS
Exploits0References2
euvd
euvd
added 2026/06/13 12:34 a.m.14 views

EUVD-2026-36618

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS5.2AI score0.00207EPSS
Exploits0References3
nvd
nvd
added 2026/06/12 10:16 p.m.16 views

CVE-2026-53830

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6.5CVSS0.00207EPSS
Exploits0References2
osv
osv
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53830 OpenClaw < 2026.4.22 - Webhook Secret Revocation Bypass via secrets.reload

OpenClaw before 2026.4.22 contains a webhook secret revocation bypass vulnerability allowing callers with old Slack and Zalo webhook secrets to remain active after secrets.reload. Attackers can exploit the stale-secret window to deliver webhook events after operator-expected secret revocation,...

6CVSS5.9AI score0.00207EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.16 views

PT-2026-49034

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description A webhook secret revocation bypass allows callers using outdated Slack and Zalo webhook secrets to remain active after the secrets.reload function is executed. This creates a stale-secret window...

6.5CVSS5.2AI score0.00207EPSS
Exploits0References5
Rows per page
Query Builder