11 matches found
CVE-2026-41382
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...
CVE-2026-41382
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...
CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...
EUVD-2026-26091
OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...
CVE-2026-41382
OpenClaw npm package contains an authorization bypass vulnerability in Discord voice ingress prior to version 2026.3.31. The issue stems from channel and member allowlist validation gaps, including stale-role validation and improper channel name validation, enabling access to restricted voice cha...
CVE-2026-41381
OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-level member access allowlist restrictions. Attackers can send Discord voice ingress requests before channel allowlist authorization is performed, gaining...
PT-2026-35767
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An authorization bypass exists in the Discord voice ingress. This issue allows attackers to circumvent channel and member allowlist restrictions by exploiting improper channel name validation an...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization in the Discord voice ingress authorization process. An attacker can gain unauthorized access to restricted voice channels by exploiting gaps in channel, name, and...
GHSA-X2M8-53H4-6HCH OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps
Summary Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps Current Maintainer Triage - Status: narrow - Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...
OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps
Summary Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps Current Maintainer Triage - Status: narrow - Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical aut...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the Discord voice ingress process. An attacker can gain unauthorized access to voice channels by bypassing the channel-level member access allowlist. Remediatio...