OpenClaw before version 2026.3.25 contains an authentication bypass vulnerability in the raw card send surface that allows unauthenticated remote attackers to send malformed card commands, bypassing DM pairing restrictions and reaching callback handlers without proper authorization. This enables unpaired recipients to mint legacy callback payloads, resulting in integrity compromise of the messaging protocol. No public exploit code or active exploitation has been confirmed, but the low attack complexity and network accessibility make this a practical vulnerability.
OpenClaw before 2026.3.25 allows remote attackers to bypass Telegram direct message pairing requirements and mutate session state through weaker callback-only authorization mechanisms. An unauthenticated attacker can craft malicious Telegram callback queries in direct messages to modify session state without satisfying the normal DM pairing security controls, resulting in unauthorized state modification with CVSS 5.3 (medium severity).
OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass sender allowlist checks in Microsoft Teams feedback invoke endpoints, enabling unauthorized recording of session feedback. The vulnerability stems from improper authorization logic in feedback processing, which lets attackers trigger feedback recording or reflection operations that should be restricted to authorized senders. No public exploit code has been identified at the time of analysis.
OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass direct message policy controls by sending verification notices to users outside configured allowed peer lists. The vulnerability stems from insufficient access validation checks applied to verification notice transmission, enabling attackers to contact users who have restricted direct messaging policies in place. CVSS score of 5.3 reflects moderate integrity impact with low attack complexity and no authentication requirements.
OpenClaw before version 2026.3.25 allows authenticated attackers to bypass authorization controls in mention-gated groups by triggering reaction events that circumvent the requireMention access control mechanism, enabling them to enqueue agent-visible system events that should remain restricted. This medium-severity vulnerability (CVSS 5.3) affects the integrity of group-based access policies; it is exploitable over the network, requires user interaction, and needs only low privileges.
OpenClaw before version 2026.3.23 contains an authentication bypass in the Canvas gateway where the authorizeCanvasRequest() function unconditionally allows local-direct requests without validating bearer tokens or Canvas capabilities, enabling unauthenticated attackers on the local system to send loopback HTTP and WebSocket requests to bypass authentication and access Canvas routes. The vulnerability requires local network access but no prior authentication, affecting all versions prior to the patched release.
Unauthenticated account creation bypass in megagao production_ssm v1.0 allows remote attackers to create super administrator accounts via direct API access to the /user/insert endpoint. The UserController.java insert() method processes account creation requests without authentication enforcement (the CVSS vector PR:N confirms unauthenticated access). Successful exploitation grants full administrative control, enabling attackers to compromise the confidentiality, integrity, and availability of the entire application. No public exploit identified at time of analysis.
Authentication bypass in OpenAirInterface V2.2.0 Access Management Function (AMF) allows unauthenticated remote attackers to register unauthorized User Equipment (UE) devices on 5G core networks. Exploiting incorrect state machine transitions during UE registration, attackers send SecurityModeComplete messages after InitialUERegistration to trigger registration acceptance without completing proper authentication procedures. This grants full network access to malicious devices, enabling unauthorized consumption of subscriber services, interception of traffic, and potential lateral movement within 5G infrastructure. No public exploit identified at time of analysis.
Authentication bypass in Kaleris Yard Management System (YMS) v7.2.2.1 enables unauthenticated remote attackers to completely circumvent login verification and gain unauthorized access to application resources with full confidentiality, integrity, and availability impact. The vulnerability has a 9.8 CVSS score with network-based attack vector requiring no privileges or user interaction. Currently tracked at 2% EPSS (5th percentile) with no confirmed active exploitation (not in CISA KEV), though a public proof-of-concept repository exists on GitHub, significantly elevating exploitation risk for this critical authentication flaw.
Authentication bypass in badlogic pi-mono up to version 0.58.4 allows authenticated attackers to escalate privileges or access unauthorized Slack channels via the pi-mom Slack Bot component. The vulnerability stems from improper authentication validation in the Slack channel routing logic and can be exploited remotely by users with existing access to the system. Public exploit code is available, and the vendor has not responded to disclosure attempts, making this an active security concern for deployed instances.