4 matches found

CVE
added 2026/04/23 9:58 p.m. | 21 views

CVE-2026-41359

OpenClaw prior to version 2026.3.28 contains a privilege escalation vulnerability. Authenticated operators with write permissions can access admin-class Telegram configuration and cron persistence settings via the send endpoint due to insufficient access controls. The CVE entry notes a CVSS v3.1/...

CVSS 8.8 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/04/23 9:58 p.m. | 36 views

CVE-2026-41359 OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

CVSS 7.1 | EPSS 0.00232
Exploits: 0 | References: 3
OSV
added 2026/04/07 6:11 p.m. | 4 views

GHSA-767M-XRHC-FXM7 OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

Summary Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Telegram config or cron persistence bug, but it is an authenticated...

CVSS 7.1 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 5
Github Security Blog
added 2026/04/07 6:11 p.m. | 6 views

OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

Summary Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: Real shipped operator.write to admin-class Telegram config or cron persistence bug, but it is an authenticated...

CVSS 8.8 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 5 | Affected Software: 1