CVE-2026-41406

OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context messages to bypass sender allowlist restrictions and retrieve unauthorized content...

EUVD-2026-26085

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...

CVE-2026-41376 OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...

CVE-2026-41376 OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...

CVE-2026-41376

OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls...

CVE-2026-41376

OpenClaw (npm) is affected up to version = 2026.3.31 is recommended. If upgrading is not feasible, consider mitigating controls around thread context handling and sender validation until a patch is applied. Note that public advisories confirm the vulnerability exists in shipped releases prior to ...

Spring gRPC SecurityContext leaks across requests upon authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

GHSA-4G9C-3X4P-MFPP Spring gRPC SecurityContext leaks across requests upon authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

EUVD-2026-26054

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation

A use after free flaw was found in FreeRDP. AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. A malicious server can trigger a client‑side heap use after free causing a crash...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

GHSA-8PF2-VJ79-4WXG Duplicate Advisory: OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-chfm-xgc4-47rj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Gra...

Duplicate Advisory: OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-chfm-xgc4-47rj. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Gra...

CVE-2026-41365

OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions...

PT-2026-35789

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A sender allowlist bypass allows remote attackers to access restricted messages. This is achieved by exploiting fetched quoted, root, and thread context messages to circumvent restrictions and...

OpenClaw 访问控制错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a access control vulnerability. This vulnerability stemmed from a bypass of the allowlist in the Matrix thread root and in the handling of reply contexts, resulting...