Lucene search
K

10 matches found

Snyk
Snyk
added 2026/04/03 3:3 a.m.4 views

Improper Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authorization in the config.patch process. An attacker can gain unauthorized access to privileged actions by silently disabling execution approval mechanisms. Remediation Upgrade...

8.8CVSS6AI score0.00473EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:59 p.m.2 views

Covert Timing Channel

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Covert Timing Channel via the dispatch-wrapper-resolution.ts and exec-wrapper-resolution.ts processes. An attacker can gain unauthorized code execution by bypassing the intended allowlist...

7.3CVSS6.3AI score0.00117EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:54 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded concurrent unauthenticated WebSocket upgrades before session authentication. An attacker can exhaust socket and worker...

5.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/31 11:51 p.m.1 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the onboard-remote.ts process. An attacker can gain unauthorized access to gateway credentials and potentially intercept sensitive traffic by leveraging a...

8.1CVSS5.9AI score0.00126EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/31 4:54 p.m.1 views

Brute Force

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Brute Force via the webhook authentication process. An attacker can gain unauthorized access by repeatedly attempting to guess shared secrets without restriction, potentially allowing the...

6.5CVSS5.9AI score0.00365EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/31 4:54 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the policy resolution process in the Google Chat and Zalouser extensions. An attacker can gain unauthorized interaction with bots by exploiting a flaw where...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/29 3:50 p.m.4 views

Improper Neutralization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization via the approval prompt process. An attacker can inject malicious ANSI escape sequences into terminal output by supplying crafted tool metadata, potentially spoofi...

5.3CVSS5.9AI score0.0026EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/29 3:50 p.m.2 views

Weak Password Requirements

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient rate limiting in the webhook authentication process. An attacker can repeatedly guess weak webhook tokens by sending numerous authentication...

6.9CVSS5.9AI score0.00244EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/29 3:49 p.m.1 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the callback handling process. An attacker can gain unauthorized access to callback functionality by sending specially crafted legacy raw card payloads that...

6.9CVSS5.9AI score0.00276EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/27 10:29 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the gateway shared-auth reconnect process. An attacker can gain elevated privileges and execute arbitrary code by exploiting the auto-approval of scope-upgrade...

9.4CVSS6.2AI score0.00192EPSS
Exploits0References2
Rows per page
Query Builder