5 matches found
CVE-2026-28480
OpenClaw versions prior to 2026.2.14 contain an authorization bypass in Telegram allowlist matching: the system authenticates by mutable usernames rather than immutable numeric sender IDs. This enables attackers to spoof identity by recycling usernames and interact with bots as unauthorized sende...
EUVD-2026-9926
OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...
CVE-2026-28480 OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization
OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...
CVE-2026-28480 OpenClaw < 2026.2.14 - Identity Spoofing via Mutable Username in Telegram Allowlist Authorization
OpenClaw versions prior to 2026.2.14 contain an authorization bypass vulnerability where Telegram allowlist matching accepts mutable usernames instead of immutable numeric sender IDs. Attackers can spoof identity by obtaining recycled usernames to bypass allowlist restrictions and interact with...
User Impersonation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation in the Telegram allowlist authorization. An attacker can gain unauthorized access by registering or taking over a previously authorized @username and interacting with t...