漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu
Vulnerability Description
OpenClaw before 2026.3.12 contains an authorization bypass vulnerability where Feishu reaction events with omitted chat_type are misclassified as p2p conversations instead of group chats. Attackers can exploit this misclassification to bypass groupAllowFrom and requireMention protections in group chat reaction-derived events.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
OpenClaw 安全漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.12之前版本存在安全漏洞,该漏洞源于Feishu反应事件存在授权绕过问题,当chat_type被省略时被错误分类为点对点对话,可能导致攻击者绕过群聊中的groupAllowFrom和requireMention保护。
CVSS Information
N/A
Vulnerability Type
N/A