CVE-2026-26328
MEDIUM 6.5
Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue.
CVE Details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 2/20/2026
Last modified: 2/26/2026
Source: nvd
Honeypot observations: 0
Affected products
openclaw:openclaw
Weaknesses (CWE)
CWE-284, CWE-863
References
https://github.com/openclaw/openclaw/commit/872079d42fe105ece2900a1dd6ab321b92da2d59 (security-advisories@github.com)
https://github.com/openclaw/openclaw/releases/tag/v2026.2.14 (security-advisories@github.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-g34w-4xqq-h79m (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.