
4 matches found

GithubExploit
added 2026/04/23 9:52 p.m., 90 views

Exploit for CVE-2026-41303

🔐 CVE-2026-41303: Authorization Bypass in OpenClaw Discord Bot...

CVSS 8.8, AI score 5.8, EPSS 0.00407
Exploits: 1
NVD
added 2026/04/21 12:16 a.m., 4 views

CVE-2026-41303

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending hos...

CVSS 8.8, EPSS 0.00407
Exploits: 1, References: 2
Vulnrichment
added 2026/04/20 11:8 p.m., 4 views

CVE-2026-41303 OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending hos...

CVSS 8.8, AI score 6, EPSS 0.00407
Exploits: 1, References: 2
Github Security Blog
added 2026/03/31 11:52 p.m., 14 views

OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals

Summary: Discord text approval commands resolved pending exec approvals without honoring the configured approver allowlist. Impact: A Discord user who was allowed to send commands but was not in the approver list could still approve pending host execution. Affected Component...

CVSS 8.8, AI score 5.9, EPSS 0.00407
Exploits: 1, References: 5, Affected Software: 1