โ† All reports

OpenClaw before version 2026.3.28 has a vulnerability that allows unauthorized access through the chat.send gateway method.

Cybersecurity · Technology · Conflict · Information Security · Apr 21, 2026 · score 0.17 · 3 posts · 0 replies across 1 instances
This thread discusses multiple vulnerabilities in the OpenClaw software, highlighting security issues such as authorization bypass, trust-decline, and insecure communication protocols. These vulnerabilities pose risks to system security and data integrity.

Claims

OpenClaw before version 2026.3.28 has a vulnerability that allows unauthorized access through the chat.send gateway method.
Parent: Cybersecurity · Entity: OpenClaw · Impact: negative · Date: Apr 21, 2026 · Target: OpenClaw's security measures
OpenClaw before version 2026.3.31 has a vulnerability that allows attackers to route gateway credentials to malicious endpoints.
Parent: Cybersecurity · Entity: OpenClaw · Impact: negative · Date: Apr 21, 2026 · Target: OpenClaw's security measures
OpenClaw before version 2026.4.2 transmits stored gateway credentials over unencrypted connections, allowing attackers to redirect clients to malicious endpoints.
Parent: Cybersecurity · Entity: OpenClaw · Impact: negative · Date: Apr 21, 2026 · Target: OpenClaw's security measures

Source posts

@[email protected]
🚨 EUVD-2026-24006 📊 Score: 7.1/10 (CVSS v3.1) 📦 Product: OpenClaw, OpenClaw 🏢 Vendor: OpenClaw 📅 Updated: 2026-04-20 📝 OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24006 #cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 21, 2026
@[email protected]
🚨 EUVD-2026-24008 📊 Score: 6.9/10 (CVSS v3.1) 📦 Product: OpenClaw, OpenClaw 🏢 Vendor: OpenClaw 📅 Updated: 2026-04-20 📝 OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboarding flows. Attackers can route gateway credentials to malicious endpoints by having their discovered URL survive the tr... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24008 #cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 21, 2026
@[email protected]
🚨 EUVD-2026-23995 📊 Score: 5.9/10 (CVSS v3.1) 📦 Product: OpenClaw, OpenClaw 🏢 Vendor: OpenClaw 📅 Updated: 2026-04-20 📝 OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft setup codes to redirect clients to malicious end... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23995 #cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 21, 2026