CVE-2026-31991 in OpenClawinformation

Résumé

par MITRE • 19/03/2026

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where Signal group allowlist policy incorrectly accepts sender identities from DM pairing-store approvals. Attackers can exploit this boundary weakness by obtaining DM pairing approval to bypass group allowlist checks and gain unauthorized group access.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulnCheck

Réserver

10/03/2026

Divulgation

19/03/2026

Modérer

accepté

Entrée

VDB-351660

CPE

prêt

CWE

CWE-863 (confirmé)

CVSS

4.6 (NVD)

EPSS

0.00044

KEV

non

Activités

très faible

Secteur

Finance, Education, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31991
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31991
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31991/

◂ Précédent Aperçu Suivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!