TROYANOSYVIRUS
Volver a CVEs

CVE-2026-43583

MEDIUM
5.3

Descripcion

OpenClaw versions 2026.4.10 before 2026.4.14 fail to persist session context during delivery queue recovery for media replay. Attackers can exploit recovered queued outbound media to bypass group tool policy enforcement and weaken channel media restrictions after service restart or recovery.

Detalles CVE

Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado5/6/2026
Ultima modificacion5/7/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

openclaw:openclaw

Debilidades (CWE)

CWE-862

Referencias

https://github.com/openclaw/openclaw/commit/48aae82bbc19ba8b0741e61a08063eb0d1df464e(disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-r77c-2cmr-7p47(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-loss-of-group-tool-policy-context-in-delivery-queue-recovery(disclosure@vulncheck.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.