Lucene search
K

5 matches found

EUVD
EUVD
added 2026/04/24 12:31 a.m.6 views

EUVD-2026-25343

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 12:31 a.m.4 views

GHSA-394X-274P-MQC6 Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...

7.1CVSS5.7AI score0.00232EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.4 views

CVE-2026-41359 OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.2AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34790

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/07 6:11 p.m.4 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the operator.write process. An attacker can gain unauthorized access to admin-level Telegram configuration and cron persistence by sending crafted request...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References2
Rows per page
Query Builder