Lucene search
K

7 matches found

NVD
NVD
added 2026/06/11 9:16 p.m.9 views

CVE-2026-53807

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 8:5 p.m.30 views

CVE-2026-53807 OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:5 p.m.10 views

CVE-2026-53807 OpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.allowFrom

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS5.2AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 8:5 p.m.12 views

EUVD-2026-36313

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves as authorized senders before allowlist checks are applied,...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass in Telegram interaction callbacks, allowing authenticated users to bypass the...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.12 views

PT-2026-48737

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description An authorization bypass exists in Telegram interactive callbacks. Authenticated users can bypass the commands.allowFrom validation by invoking affected callbacks to mark themselves as authorized...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.3 views

CVE-2026-35661 OpenClaw < 2026.3.25 - Telegram DM-Scoped Inline Button Callback Authorization Bypass

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypas...

6.9CVSS5.8AI score0.00285EPSS
Exploits0References3
Rows per page
Query Builder