4 matches found
EUVD-2026-36621
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...
User Impersonation
Overview @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to User Impersonation in the QQBot streaming command. An attacker can alter configuration settings by accessing the command without meeting explic...
User Impersonation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation in the QQBot streaming command. An attacker can alter configuration settings by accessing the command without meeting explicit allowlist entry requirements. Remediation...
CVE-2026-53833 QQBot for OpenClaw < 2026.4.29 - Authorization Bypass via QQBot Streaming Command
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...