10 matches found

Snyk
added 2026/03/04 7:44 p.m., 3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the isAllowedParsedChatSender process. An attacker can gain unauthorized access to direct messaging or reaction features by sending messages from an untrusted...

CVSS 6.5, AI score 5.8, EPSS 0.00255
Exploits: 0, References: 2
Snyk
added 2026/03/03 11:13 p.m., 4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the system.run process. An attacker can execute unauthorized commands by bypassing allowlist restrictions through wrapper binaries such as env or shell-dispatc...

CVSS 8.8, AI score 5.9, EPSS 0.00419
Exploits: 0, References: 3
Snyk
added 2026/03/03 11:09 p.m., 6 views

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the ZIP extraction process when a pre-existing symlink exists in the destination path. An attacker can write files outside the intended extraction directory by crafting...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 2
Snyk
added 2026/03/03 9:49 p.m., 4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the allowFrom module. An attacker can gain unauthorized access by exploiting slug collisions in Discord name/tag allowlist entries, allowing them to bypass...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2
OSV
added 2026/03/03 9:41 p.m., 3 views

GHSA-9P38-94JF-HGJJ OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution

Summary In OpenClaw's macOS node-host path, system.run allowlist parsing in security=allowlist mode failed to reject command substitution tokens when they appeared inside double-quoted shell text. Because of that gap, payloads like echo "ok $id" could be treated as allowlist hits first executable...

CVSS 7.5, AI score 6.1, EPSS 0.0063
Exploits: 1, References: 5
Snyk
added 2026/03/03 7:53 p.m., 1 view

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via system.run when shell line-continuation and command substitution are used to bypass allowlist analysis. An attacker can execute unauthorized commands by crafti...

CVSS 8.8, AI score 6.1, EPSS 0.00439
Exploits: 0, References: 3
Snyk
added 2026/03/03 6:10 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the bypass of the mediaAllowHosts configuration. An attacker can access internal or unintended network resources by supplying or influencing attachmen...

CVSS 8.7, AI score 6, EPSS 0.00172
Exploits: 0, References: 2
Snyk
added 2026/03/03 12:20 a.m., 7 views

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the avatar handling. An attacker can access sensitive local files outside the intended workspace by submitting crafted symlink paths to the avatar interface. Remediatio...

CVSS 7.5, AI score 6, EPSS 0.00327
Exploits: 0, References: 3
Snyk
added 2026/03/02 10:39 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview @openclaw/voice-call is an OpenClaw voice-call plugin Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the media-stream WebSocket upgrades. An attacker can exhaust server resources by establishing multiple unauthenticated pre-sta...

CVSS 8.7, AI score 6, EPSS 0.00426
Exploits: 0, References: 2
Snyk
added 2026/03/02 10:17 p.m., 4 views

Improper Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization in the system.run due to a parsing mismatch in allowlist checks for shell-chain payloads. An attacker can execute unauthorized shell commands on a paired macOS host...

CVSS 6.4, AI score 6, EPSS 0.00291
Exploits: 0, References: 3