Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the browser debug and export routes. An attacker can access sensitive internal resources by reusing already-open blocked tabs to export or inspect content that...

CVE-2026-34507

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from a strategy-bypass vulnerability in QQBot administrator commands, which allowed authenticated senders to...

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +22 more potentially affected by CVE-2026-43576 via openclaw (>=2026.3.22 <=2026.4.29)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-43576 Source advisory: SNYK:JS-OPENCLAW-16109735...