PT-2026-30775 · Npm · Openclaw
Publicado
2026-03-27
·
Atualizado
2026-03-27
CVSS v4.0
5.3
Média
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Summary
Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers
Affected Packages / Versions
- Package:
openclaw - Affected versions:
<= 2026.3.24 - First patched version:
2026.3.25 - Latest published npm version at verification time:
2026.3.24
Details
Matrix verification notices previously bypassed DM access checks and could reply to peers that were unpaired or otherwise outside the allowed DM policy. Commit
2383daf5c4a4e08d9553e0e949552ad755ef9ec2 gates verification notices on DM access before sending.Verified vulnerable on tag
v2026.3.24 and fixed on main by commit 2383daf5c4a4e08d9553e0e949552ad755ef9ec2.Fix Commit(s)
2383daf5c4a4e08d9553e0e949552ad755ef9ec2
Correção
Authentication Bypass Using an Alternate Path or Channel
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openclaw