CVE-2026-26328
MEDIUM 6.5
Description
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue.
CVE Details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 2/20/2026
Last modified: 2/26/2026
Source: nvd
Honeypot sightings: 0
Affected products
openclaw:openclaw
Weaknesses (CWE)
CWE-284, CWE-863
References
https://github.com/openclaw/openclaw/commit/872079d42fe105ece2900a1dd6ab321b92da2d59 (security-advisories@github.com)
https://github.com/openclaw/openclaw/releases/tag/v2026.2.14 (security-advisories@github.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-g34w-4xqq-h79m (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.