Threats Tagged 'ghsa-w5ww-7chg-mxcq'
View all threats tagged with 'ghsa-w5ww-7chg-mxcq'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ghsa-w5ww-7chg-mxcq'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-w5ww-7chg-mxcq: OpenClaw: Telegram interactive callbacks could skip commands.allowFrom 0 OpenClaw versions prior to 2026.5.6 contain a vulnerability where Telegram interactive callbacks can bypass the commands.allowFrom sender allowlist. This allows a Telegram user invoking a callback to mark it as an authorized sender before the allowlist check is applied. The vulnerability affects only the Telegram callback feature and does not alter OpenClaw's trusted-operator model. The impact depends on the operator's configuration and whether untrusted input can reach the affected callback path. The issue is patched in version 2026.5.6. Until patched, restricting Telegram command callbacks to trusted chats and narrowing allowlists are recommended mitigations. Join the discussion | GCVE Database | 07/02/2026, 17:18:51 UTC Added: 07/02/2026, 22:57:09 UTC |
Showing 1 to 1 of 1 result