2 matches found
GHSA-4HPG-MP64-X7XQ OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
Summary Internal/webchat command auth could inherit ownerAllowFrom wildcard state. In affected versions, a sender on an affected internal or webchat path could inherit wildcard ownerAllowFrom state across channel boundaries. This advisory is scoped to the named feature and configuration. It does...
CVE-2026-53854
OpenClaw is affected by a privilege escalation in versions before 2026.4.25. The issue arises from wildcard inheritance of ownerAllowFrom state across channel boundaries in internal and webchat command authentication, allowing a sender to execute owner-like commands outside the intended channel s...