Lucene search
K

61 matches found

Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.3 views

CVE-2026-35670 OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered...

6CVSS5.8AI score0.00236EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 4:3 p.m.12 views

CVE-2026-35670

OpenClaw/OpenClaw Synology Chat integration is affected: before 2026.3.22, webhook replies can be rebound to unintended users due to mutable username matching instead of the stable numeric user_id recorded by webhook events. This enables attackers to manipulate username changes to redirect webhoo...

8.1CVSS5.8AI score0.00236EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/10 12:30 a.m.3 views

GHSA-G8MC-C5F2-MQG7 Duplicate Advisory: OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rqp8-q22p-5j9q This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 12:30 a.m.4 views

EUVD-2026-21126

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access...

6.3CVSS6AI score0.00245EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/10 12:30 a.m.8 views

Duplicate Advisory: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mf5g-6r6f-ghhm. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation...

6.5CVSS5.7AI score0.00244EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/10 12:30 a.m.7 views

Duplicate Advisory: OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rqp8-q22p-5j9q This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.10 views

CVE-2026-35635

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access...

6.5CVSS0.00245EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 9:27 p.m.17 views

CVE-2026-35635 OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access...

6.3CVSS0.00245EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 p.m.3 views

CVE-2026-35635 OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.1 views

CVE-2026-35635

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access...

6.3CVSS6AI score0.00245EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 9:27 p.m.19 views

CVE-2026-35635

OpenClaw

6.5CVSS6AI score0.00245EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities were caused by a problem with the Webhook path routing in the Synology Chat extension, which could lead to bypassing...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31770

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw before version 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension. This allows attackers to collapse multi-account configurations onto shar...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References8
OSV
OSV
added 2026/03/29 3:50 p.m.3 views

GHSA-MF5G-6R6F-GHHM OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

Summary Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.3CVSS5.9AI score0.00244EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/29 3:50 p.m.10 views

OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token

Summary Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

6.5CVSS5.9AI score0.00244EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/26 9:45 p.m.4 views

Improper Authorization

Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Improper Authorization in the webhook process. An attacker can gain unauthorized access to direct message policies by exploiting a path collision in the multi-accoun...

7.2CVSS5.9AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 9:45 p.m.3 views

GHSA-RQP8-Q22P-5J9Q OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/26 9:45 p.m.5 views

OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision

Summary Synology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/03/26 7:8 p.m.4 views

Use of Incorrectly-Resolved Name or Reference

Overview @openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the webhook-handler process. An attacker can redirect message replies to an unintended user by exploiting mutable...

8.1CVSS5.9AI score0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 7:8 p.m.1 views

GHSA-WV46-V6XC-2QHF OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution.

Summary Synology Chat reply delivery could rebind to a mutable username match instead of the stable numeric userid recorded by the webhook event. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

6CVSS5.8AI score0.00236EPSS
Exploits0References6
Rows per page
Query Builder