Lucene search
K

6 matches found

Snyk
Snyk
added 2026/05/11 6:11 p.m.10 views

Improper Authentication

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authentication via the handleBlueBubblesWebhookRequest function. An attacker can gain unauthorized access and potentially compromise confidentiality, integrity, and availability ...

9.8CVSS7.1AI score0.00636EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-39703

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

7.5CVSS6.8AI score0.00636EPSS
Exploits1References10
OSV
OSV
added 2026/03/02 10:43 p.m.4 views

GHSA-JMM5-FVH5-GF4P OpenClaw has non-constant-time token comparison in hooks authentication

Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...

8.2CVSS5.9AI score0.00386EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/17 9:33 p.m.3 views

Incorrect Authorization

Overview @openclaw/bluebubbles is an OpenClaw BlueBubbles channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the webhook authentication. An attacker can gain unauthorized access and inject arbitrary webhook events by sending requests from a loopback...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 9:31 p.m.3 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the HTTP endpoints for profile management. An attacker can read or modify sensitive profile information and persist unauthorized changes t...

8.3CVSS5.8AI score0.0034EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 5:9 p.m.4 views

Binding to an Unrestricted IP Address

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address via ensureChromeExtensionRelayServer. An attacker can access relay HTTP endpoints from off-host locations by passing a wildcard cdpUrl, potentially...

9.1CVSS5.7AI score0.00396EPSS
Exploits0References2
Rows per page
Query Builder