Skip to main content

Qqbot

1 CVEs product

Monthly

CVE-2026-53833 npm HIGH PATCH This Week

Authorization bypass in OpenClaw versions prior to 2026.4.29 allows authenticated QQBot senders to modify streaming configuration without satisfying the intended allowFrom allowlist policy, when those entries lack non-wildcard restrictions. The flaw stems from missing identity verification on the QQBot streaming command path (CWE-290) and was reported by VulnCheck; no public exploit identified at time of analysis.

Authentication Bypass Qqbot
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Authorization bypass in OpenClaw versions prior to 2026.4.29 allows authenticated QQBot senders to modify streaming configuration without satisfying the intended allowFrom allowlist policy, when those entries lack non-wildcard restrictions. The flaw stems from missing identity verification on the QQBot streaming command path (CWE-290) and was reported by VulnCheck; no public exploit identified at time of analysis.

Authentication Bypass Qqbot
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy