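Vulnerability Information
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information. Shenlong strives to ensure the accuracy of the data, but please verify and judge it against your actual situation.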
Vulnerability Title
OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows
Vulnerability Description
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and the bot has the necessary guild permissions, a non-admin user can request moderation actions by spoofing sender identity fields. This issue has been fixed in version 2026.2.18.
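The authorization flaw described above, shown beside a corrected check, as an added example that is not OpenClaw's code. Every type, function name and ID here is hypothetical, and the moderator table is constructed sample data.

```typescript
// Added illustration with hypothetical names; not OpenClaw's code.
type ModerationAction = "timeout" | "kick" | "ban";

// Fields of the tool call. In a tool-driven flow they are derived from
// conversation content, so the requesting user can influence them.
interface ToolParams {
  action: ModerationAction;
  targetUserId: string;
  senderUserId?: string; // untrusted: must never drive authorization
}

// Attached by the runtime from the inbound Discord event (trusted).
interface RuntimeContext { senderUserId: string; guildId: string; }
interface Decision { allowed: boolean; reason: string; }

// Constructed sample data: guild ID -> user IDs allowed to moderate.
const MODERATORS = new Map<string, ReadonlySet<string>>([
  ["guild-1", new Set(["admin-100"])],
]);

function canModerate(guildId: string, userId: string): boolean {
  const mods = MODERATORS.get(guildId);
  return mods !== undefined && mods.has(userId);
}

// Flawed pattern: the identity being authorized is read from parameters.
function authorizeFromParams(p: ToolParams, ctx: RuntimeContext): Decision {
  const ok = canModerate(ctx.guildId, p.senderUserId ?? "");
  return { allowed: ok, reason: ok ? "ok" : "not a moderator" };
}

// Corrected pattern: only the runtime sender is authorized. A conflicting
// sender parameter is rejected outright, which also yields a log signal.
function authorizeFromContext(p: ToolParams, ctx: RuntimeContext): Decision {
  if (p.senderUserId !== undefined && p.senderUserId !== ctx.senderUserId) {
    return { allowed: false, reason: "sender parameter conflicts with runtime context" };
  }
  const ok = canModerate(ctx.guildId, ctx.senderUserId);
  return { allowed: ok, reason: ok ? "ok" : "not a moderator" };
}

// Constructed case: non-admin user-200 sends a request naming admin-100.
function demo(): [boolean, boolean] {
  const ctx: RuntimeContext = { senderUserId: "user-200", guildId: "guild-1" };
  const req: ToolParams = { action: "ban", targetUserId: "user-300", senderUserId: "admin-100" };
  return [authorizeFromParams(req, ctx).allowed, authorizeFromContext(req, ctx).allowed];
}
```

`demo()` returns `[true, false]`: the parameter-based check approves the request, while the context-based check denies it.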
CVSS Information
N/A
Vulnerability Type
Missing authorization
Vulnerability Title
OpenClaw security vulnerability
Vulnerability Description
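OpenClaw is an open-source intelligent personal assistant from openclaw. OpenClaw versions 2026.2.17 and earlier contain a security vulnerability. The vulnerability stems from the Discord moderation action handling using the sender identity taken from request parameters, which may allow a non-admin user to request moderation actions by spoofing the sender identity.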
CVSS Information
N/A
Vulnerability Type
N/A