CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32899

OpenClaw versions prior to 2026.2.25 fail to consistently apply sender-policy checks to reaction_* and pin_* non-message events before adding them to system-event context. Attackers can bypass configured DM policies and channel user allowlists to inject unauthorized reaction and pin events from restricted senders.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.5%

CVSS Severity

CVSS v3 Score 4.3

References

Products affected by CVE-2026-32899

Openclaw » Openclaw » Version: 0.1.0

cpe:2.3:a:openclaw:openclaw:0.1.0
Openclaw » Openclaw » Version: 0.1.1

cpe:2.3:a:openclaw:openclaw:0.1.1
Openclaw » Openclaw » Version: 0.1.2

cpe:2.3:a:openclaw:openclaw:0.1.2
Openclaw » Openclaw » Version: 0.1.3

cpe:2.3:a:openclaw:openclaw:0.1.3
Openclaw » Openclaw » Version: 1.0.4

cpe:2.3:a:openclaw:openclaw:1.0.4
Openclaw » Openclaw » Version: 1.1.0

cpe:2.3:a:openclaw:openclaw:1.1.0
Openclaw » Openclaw » Version: 1.2.0

cpe:2.3:a:openclaw:openclaw:1.2.0
Openclaw » Openclaw » Version: 1.2.1

cpe:2.3:a:openclaw:openclaw:1.2.1
Openclaw » Openclaw » Version: 1.2.2

cpe:2.3:a:openclaw:openclaw:1.2.2
Openclaw » Openclaw » Version: 1.3.0

cpe:2.3:a:openclaw:openclaw:1.3.0
Openclaw » Openclaw » Version: 2.0.0

cpe:2.3:a:openclaw:openclaw:2.0.0
Openclaw » Openclaw » Version: 2026.1.10

cpe:2.3:a:openclaw:openclaw:2026.1.10
Openclaw » Openclaw » Version: 2026.1.11

cpe:2.3:a:openclaw:openclaw:2026.1.11
Openclaw » Openclaw » Version: 2026.1.11-1

cpe:2.3:a:openclaw:openclaw:2026.1.11-1
Openclaw » Openclaw » Version: 2026.1.11-2

cpe:2.3:a:openclaw:openclaw:2026.1.11-2
Openclaw » Openclaw » Version: 2026.1.11-3

cpe:2.3:a:openclaw:openclaw:2026.1.11-3
Openclaw » Openclaw » Version: 2026.1.11-4

cpe:2.3:a:openclaw:openclaw:2026.1.11-4
Openclaw » Openclaw » Version: 2026.1.111

cpe:2.3:a:openclaw:openclaw:2026.1.111
Openclaw » Openclaw » Version: 2026.1.112

cpe:2.3:a:openclaw:openclaw:2026.1.112
Openclaw » Openclaw » Version: 2026.1.113

cpe:2.3:a:openclaw:openclaw:2026.1.113
Openclaw » Openclaw » Version: 2026.1.12

cpe:2.3:a:openclaw:openclaw:2026.1.12
Openclaw » Openclaw » Version: 2026.1.12-1

cpe:2.3:a:openclaw:openclaw:2026.1.12-1
Openclaw » Openclaw » Version: 2026.1.12-2

cpe:2.3:a:openclaw:openclaw:2026.1.12-2
Openclaw » Openclaw » Version: 2026.1.122

cpe:2.3:a:openclaw:openclaw:2026.1.122
Openclaw » Openclaw » Version: 2026.1.13

cpe:2.3:a:openclaw:openclaw:2026.1.13
Openclaw » Openclaw » Version: 2026.1.14-1

cpe:2.3:a:openclaw:openclaw:2026.1.14-1
Openclaw » Openclaw » Version: 2026.1.141

cpe:2.3:a:openclaw:openclaw:2026.1.141
Openclaw » Openclaw » Version: 2026.1.15

cpe:2.3:a:openclaw:openclaw:2026.1.15
Openclaw » Openclaw » Version: 2026.1.16-1

cpe:2.3:a:openclaw:openclaw:2026.1.16-1
Openclaw » Openclaw » Version: 2026.1.16-2

cpe:2.3:a:openclaw:openclaw:2026.1.16-2
Openclaw » Openclaw » Version: 2026.1.162

cpe:2.3:a:openclaw:openclaw:2026.1.162
Openclaw » Openclaw » Version: 2026.1.20

cpe:2.3:a:openclaw:openclaw:2026.1.20
Openclaw » Openclaw » Version: 2026.1.20-1

cpe:2.3:a:openclaw:openclaw:2026.1.20-1
Openclaw » Openclaw » Version: 2026.1.20-2

cpe:2.3:a:openclaw:openclaw:2026.1.20-2
Openclaw » Openclaw » Version: 2026.1.21

cpe:2.3:a:openclaw:openclaw:2026.1.21
Openclaw » Openclaw » Version: 2026.1.21-1

cpe:2.3:a:openclaw:openclaw:2026.1.21-1
Openclaw » Openclaw » Version: 2026.1.21-2

cpe:2.3:a:openclaw:openclaw:2026.1.21-2
Openclaw » Openclaw » Version: 2026.1.22

cpe:2.3:a:openclaw:openclaw:2026.1.22
Openclaw » Openclaw » Version: 2026.1.23

cpe:2.3:a:openclaw:openclaw:2026.1.23
Openclaw » Openclaw » Version: 2026.1.23-1

cpe:2.3:a:openclaw:openclaw:2026.1.23-1
Openclaw » Openclaw » Version: 2026.1.24

cpe:2.3:a:openclaw:openclaw:2026.1.24
Openclaw » Openclaw » Version: 2026.1.24-1

cpe:2.3:a:openclaw:openclaw:2026.1.24-1
Openclaw » Openclaw » Version: 2026.1.24-2

cpe:2.3:a:openclaw:openclaw:2026.1.24-2
Openclaw » Openclaw » Version: 2026.1.24-3

cpe:2.3:a:openclaw:openclaw:2026.1.24-3
Openclaw » Openclaw » Version: 2026.1.241

cpe:2.3:a:openclaw:openclaw:2026.1.241
Openclaw » Openclaw » Version: 2026.1.29

cpe:2.3:a:openclaw:openclaw:2026.1.29
Openclaw » Openclaw » Version: 2026.1.30

cpe:2.3:a:openclaw:openclaw:2026.1.30
Openclaw » Openclaw » Version: 2026.1.4

cpe:2.3:a:openclaw:openclaw:2026.1.4
Openclaw » Openclaw » Version: 2026.1.4-1

cpe:2.3:a:openclaw:openclaw:2026.1.4-1
Openclaw » Openclaw » Version: 2026.1.5

cpe:2.3:a:openclaw:openclaw:2026.1.5
Openclaw » Openclaw » Version: 2026.1.5-1

cpe:2.3:a:openclaw:openclaw:2026.1.5-1
Openclaw » Openclaw » Version: 2026.1.5-2

cpe:2.3:a:openclaw:openclaw:2026.1.5-2
Openclaw » Openclaw » Version: 2026.1.5-3

cpe:2.3:a:openclaw:openclaw:2026.1.5-3
Openclaw » Openclaw » Version: 2026.1.51

cpe:2.3:a:openclaw:openclaw:2026.1.51
Openclaw » Openclaw » Version: 2026.1.52

cpe:2.3:a:openclaw:openclaw:2026.1.52
Openclaw » Openclaw » Version: 2026.1.53

cpe:2.3:a:openclaw:openclaw:2026.1.53
Openclaw » Openclaw » Version: 2026.1.8

cpe:2.3:a:openclaw:openclaw:2026.1.8
Openclaw » Openclaw » Version: 2026.1.8-1

cpe:2.3:a:openclaw:openclaw:2026.1.8-1
Openclaw » Openclaw » Version: 2026.1.8-2

cpe:2.3:a:openclaw:openclaw:2026.1.8-2
Openclaw » Openclaw » Version: 2026.1.9

cpe:2.3:a:openclaw:openclaw:2026.1.9
Openclaw » Openclaw » Version: 2026.2.0

cpe:2.3:a:openclaw:openclaw:2026.2.0
Openclaw » Openclaw » Version: 2026.2.1

cpe:2.3:a:openclaw:openclaw:2026.2.1
Openclaw » Openclaw » Version: 2026.2.12

cpe:2.3:a:openclaw:openclaw:2026.2.12
Openclaw » Openclaw » Version: 2026.2.13

cpe:2.3:a:openclaw:openclaw:2026.2.13
Openclaw » Openclaw » Version: 2026.2.14

cpe:2.3:a:openclaw:openclaw:2026.2.14
Openclaw » Openclaw » Version: 2026.2.15

cpe:2.3:a:openclaw:openclaw:2026.2.15
Openclaw » Openclaw » Version: 2026.2.17

cpe:2.3:a:openclaw:openclaw:2026.2.17
Openclaw » Openclaw » Version: 2026.2.17.2

cpe:2.3:a:openclaw:openclaw:2026.2.17.2
Openclaw » Openclaw » Version: 2026.2.19

cpe:2.3:a:openclaw:openclaw:2026.2.19
Openclaw » Openclaw » Version: 2026.2.19-1

cpe:2.3:a:openclaw:openclaw:2026.2.19-1
Openclaw » Openclaw » Version: 2026.2.19-2

cpe:2.3:a:openclaw:openclaw:2026.2.19-2
Openclaw » Openclaw » Version: 2026.2.2

cpe:2.3:a:openclaw:openclaw:2026.2.2
Openclaw » Openclaw » Version: 2026.2.2-1

cpe:2.3:a:openclaw:openclaw:2026.2.2-1
Openclaw » Openclaw » Version: 2026.2.2-2

cpe:2.3:a:openclaw:openclaw:2026.2.2-2
Openclaw » Openclaw » Version: 2026.2.2-3

cpe:2.3:a:openclaw:openclaw:2026.2.2-3
Openclaw » Openclaw » Version: 2026.2.21

cpe:2.3:a:openclaw:openclaw:2026.2.21
Openclaw » Openclaw » Version: 2026.2.21-1

cpe:2.3:a:openclaw:openclaw:2026.2.21-1
Openclaw » Openclaw » Version: 2026.2.21-2

cpe:2.3:a:openclaw:openclaw:2026.2.21-2
Openclaw » Openclaw » Version: 2026.2.22

cpe:2.3:a:openclaw:openclaw:2026.2.22
Openclaw » Openclaw » Version: 2026.2.22-1

cpe:2.3:a:openclaw:openclaw:2026.2.22-1
Openclaw » Openclaw » Version: 2026.2.22-2

cpe:2.3:a:openclaw:openclaw:2026.2.22-2
Openclaw » Openclaw » Version: 2026.2.23

cpe:2.3:a:openclaw:openclaw:2026.2.23
Openclaw » Openclaw » Version: 2026.2.24

cpe:2.3:a:openclaw:openclaw:2026.2.24
Openclaw » Openclaw » Version: 2026.2.3

cpe:2.3:a:openclaw:openclaw:2026.2.3
Openclaw » Openclaw » Version: 2026.2.3-1

cpe:2.3:a:openclaw:openclaw:2026.2.3-1
Openclaw » Openclaw » Version: 2026.2.6

cpe:2.3:a:openclaw:openclaw:2026.2.6
Openclaw » Openclaw » Version: 2026.2.6-1

cpe:2.3:a:openclaw:openclaw:2026.2.6-1
Openclaw » Openclaw » Version: 2026.2.6-2

cpe:2.3:a:openclaw:openclaw:2026.2.6-2
Openclaw » Openclaw » Version: 2026.2.6-3

cpe:2.3:a:openclaw:openclaw:2026.2.6-3
Openclaw » Openclaw » Version: 2026.2.9

cpe:2.3:a:openclaw:openclaw:2026.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-32899

Products

Pricing

Contact Us