Lucene search
K

7 matches found

Snyk
Snyk
added 2026/02/18 5:45 p.m.6 views

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication when starting sandbox browser bridge server. An attacker can gain unauthorized access to browser control...

8.5CVSS5.8AI score0.00142EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 5:39 p.m.6 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the keychain credential refresh path. An attacker can execute arbitrary OS commands by supplying crafted OAuth tokens that are incorporated into shell command...

8.6CVSS6.1AI score0.012EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 12:54 a.m.6 views

User Impersonation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation in the Telegram allowlist authorization. An attacker can gain unauthorized access by registering or taking over a previously authorized @username and interacting with t...

6.9CVSS5.7AI score0.0021EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 12:52 a.m.3 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extractArchive function in src/infra/archive.ts. An attacker can cause excessive resource consumption by submitting specially...

8.7CVSS5.6AI score0.00436EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 12:51 a.m.5 views

Improper Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization via the slash-command handler. An attacker can execute privileged commands by sending direct messages to the bot, bypassing intended allowlist or access-group...

9.8CVSS5.9AI score0.00347EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 9:42 p.m.3 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the gatewayUrl tool in the Gateway WebSocket client. An attacker can cause the host to initiate outbound WebSocket connections to arbitrary...

7.6CVSS5.8AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 2026/02/17 9:41 p.m.2 views

GHSA-8JPQ-5H99-FF5R OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension

Summary The Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or via prompt injection, they may be able to...

7.5CVSS5.5AI score0.00482EPSS
Exploits0References5
Rows per page
Query Builder