CWE-696
Allowed-with-ReviewIncorrect Behavior Order
Abstraction: Class · Status: Incomplete
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.
70 vulnerabilities reference this CWE, most recent first.
GHSA-52RM-R39V-FWV9
Vulnerability from github – Published: 2026-04-10 18:31 – Updated: 2026-04-10 18:31In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running.
{
"affected": [],
"aliases": [
"CVE-2026-40223"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-10T16:16:32Z",
"severity": "MODERATE"
},
"details": "In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=\u003cunset\u003e unit exists and is running.",
"id": "GHSA-52rm-r39v-fwv9",
"modified": "2026-04-10T18:31:18Z",
"published": "2026-04-10T18:31:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/security/advisories/GHSA-x4h8-rrrg-q78f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40223"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-55RV-68Q5-WXMQ
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.
{
"affected": [],
"aliases": [
"CVE-2026-35636"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-09T22:16:32Z",
"severity": "HIGH"
},
"details": "OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.",
"id": "GHSA-55rv-68q5-wxmq",
"modified": "2026-04-10T00:30:30Z",
"published": "2026-04-10T00:30:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35636"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-58F5-HFQC-JGCH
Vulnerability from github – Published: 2021-04-19 14:57 – Updated: 2021-04-16 23:01jose is an npm library providing a number of cryptographic operations.
Impact
AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block).
Patches
All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are ^1.28.1 || ^2.0.5 || >=3.11.4.
Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4
Credits
Thanks to Morgan Brown of Microsoft for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jose"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.28.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "jose"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "jose"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.11.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29443"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-696"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-16T23:01:38Z",
"nvd_published_at": "2021-04-16T18:15:00Z",
"severity": "MODERATE"
},
"details": "jose is an npm library providing a number of cryptographic operations.\n### Impact\n\n[AES_CBC_HMAC_SHA2 Algorithm](https://tools.ietf.org/html/rfc7518#section-5.2) (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block).\n\n### Patches\n\nAll major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || \u003e=3.11.4`.\n\nUsers should upgrade their v1.x dependency to [`^1.28.1`](https://github.com/panva/jose/releases/tag/v1.28.1), their v2.x dependency to [`^2.0.5`](https://github.com/panva/jose/releases/tag/v2.0.5), and their v3.x dependency to [`^3.11.4`](https://github.com/panva/jose/releases/tag/v3.11.4)\n\n### Credits\nThanks to Morgan Brown of Microsoft for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.",
"id": "GHSA-58f5-hfqc-jgch",
"modified": "2021-04-16T23:01:38Z",
"published": "2021-04-19T14:57:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/panva/jose/security/advisories/GHSA-58f5-hfqc-jgch"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29443"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/jose"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Padding Oracle Attack due to Observable Timing Discrepancy in jose"
}
GHSA-5GJX-6HG3-323G
Vulnerability from github – Published: 2023-12-19 00:30 – Updated: 2023-12-19 00:30Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.
This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
{
"affected": [],
"aliases": [
"CVE-2023-23576"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-18T22:15:08Z",
"severity": "MODERATE"
},
"details": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n",
"id": "GHSA-5gjx-6hg3-323g",
"modified": "2023-12-19T00:30:17Z",
"published": "2023-12-19T00:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23576"
},
{
"type": "WEB",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7C2C-WP2Q-Q5VX
Vulnerability from github – Published: 2025-03-09 00:30 – Updated: 2025-03-09 00:30MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.
{
"affected": [],
"aliases": [
"CVE-2023-52968"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-08T23:15:13Z",
"severity": "MODERATE"
},
"details": "MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash.",
"id": "GHSA-7c2c-wp2q-q5vx",
"modified": "2025-03-09T00:30:52Z",
"published": "2025-03-09T00:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52968"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-32082"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7CV5-2CH3-G323
Vulnerability from github – Published: 2026-05-07 03:31 – Updated: 2026-05-07 03:31Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue.
{
"affected": [],
"aliases": [
"CVE-2026-44600"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T03:16:08Z",
"severity": "LOW"
},
"details": "Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue.",
"id": "GHSA-7cv5-2ch3-g323",
"modified": "2026-05-07T03:31:21Z",
"published": "2026-05-07T03:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44600"
},
{
"type": "WEB",
"url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/a198185ed863677d60eec120126730628dac35bb"
},
{
"type": "WEB",
"url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41251"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-84JC-3HJ2-HWC7
Vulnerability from github – Published: 2026-05-06 23:39 – Updated: 2026-05-06 23:39Summary
The POST /v1/domain/_image and POST /v1/oauth2/{rs_name}/_image handlers call validate_image() on the uploaded body before the ACL check that restricts image upload to admins. Any bug in an image validator is therefore reachable by an unauthenticated remote client rather than being admin-gated.
One such bug exists today: png_has_trailer() panics on inputs shorter than 8 bytes, or whose first chunk-length field is near u32::MAX.
On a default build this has no server-wide impact. The panic unwinds only the requester's own tokio task; the server process survives, no shared state is poisoned, and other connections are unaffected. This was reported privately rather than as a public issue because (a) the project previously treated an admin-triggered thread crash of identical impact as security-relevant (e51d0dee4), and this is reachable by a broader population; and (b) a downstream build with panic = "abort" would upgrade it to an unauthenticated process-crash DoS.
Details
Validate-before-authorize ordering
Both handlers parse and validate attacker-controlled bytes before checking whether the caller is permitted to upload at all:
server/core/src/https/v1_domain.rs:118—image.validate_image()runs;handle_image_update(client_auth_info, …)(the ACL check) is at line 129.server/core/src/https/v1_oauth2.rs:550— same ordering.
The VerifiedClientInformation extractor (server/core/src/https/extractors/mod.rs:18-90) always returns Ok — it builds a ClientAuthInfo from whatever credentials are present (including none) and does not reject anonymous callers. Authorization is deferred to handle_image_update(), which is never reached if the validator panics or errors first.
PNG validator panic (demonstrator)
validate_image() (server/lib/src/valueset/image/mod.rs:98) checks only a 256 KiB maximum size, not a minimum, before dispatching to the format-specific validator.
Short input — server/lib/src/valueset/image/png.rs:73-76:
pub fn png_has_trailer(contents: &Vec<u8>) -> Result<bool, ImageValidationError> {
let buf = contents.as_slice();
let (magic, buf) = buf.split_at(PNG_PRELUDE.len()); // 8; panics if len < 8
Chunk-length overflow — server/lib/src/valueset/image/png.rs:46,53:
if buf.len() < (length + 4) as usize { // length: u32; wraps before the usize cast
...
}
let (_, buf) = buf.split_at(length as usize); // panics for length ≈ u32::MAX
In a release build 0xFFFF_FFFC + 4 wraps to 0, the guard passes, and split_at panics.
PoC
printf '\x89PNG' > /tmp/short.png
curl -sk https://$KANIDM_HOST/v1/domain/_image \
-F 'image=@/tmp/short.png;type=image/png;filename=x.png'
# → connection reset / empty reply; server process remains up
Unit-test confirmation (cargo test -p kanidmd_lib --lib):
#[test]
fn audit_png_short_input_panics() {
let short = vec![0x89u8, 0x50, 0x4e, 0x47];
assert!(std::panic::catch_unwind(|| png_has_trailer(&short)).is_err());
}
#[test]
fn audit_png_chunk_length_overflow_panics() {
let mut data = vec![0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
data.extend_from_slice(&[0xFF, 0xFF, 0xFF, 0xFD]);
data.extend_from_slice(b"IHDR");
data.extend_from_slice(&[0u8; 8]);
assert!(std::panic::catch_unwind(|| png_has_trailer(&data)).is_err());
}
Both tests pass (i.e. both inputs panic).
Impact
The only party affected is the requester, whose own connection is dropped. Repeating the request has no cumulative effect beyond ordinary request load.
On the upstream build:
- Each connection runs in its own
tokio::task::spawn(server/core/src/https/mod.rs:481); the accept loop continues after a task panic. - No
panic = "abort"in any workspace[profile.*]. - No
Mutex/RwLockheld across the call site; nothing is poisoned. - The panic occurs before any write actor is messaged; no DB or replication state is touched.
Residual risk: a downstream packager that sets panic = "abort" (or links code that installs an abort handler) would see a full unauthenticated process crash. (No such packager is known)
Affected: v1.1.0-rc.15 (introduced in e7f594a1c, #2112) through master @ edf50b9da.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "kanidmd_lib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-20",
"CWE-696"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T23:39:14Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nThe `POST /v1/domain/_image` and `POST /v1/oauth2/{rs_name}/_image` handlers call `validate_image()` on the uploaded body **before** the ACL check that restricts image upload to admins. Any bug in an image validator is therefore reachable by an unauthenticated remote client rather than being admin-gated.\n\nOne such bug exists today: `png_has_trailer()` panics on inputs shorter than 8 bytes, or whose first chunk-length field is near `u32::MAX`.\n\n**On a default build this has no server-wide impact.** The panic unwinds only the requester\u0027s own tokio task; the server process survives, no shared state is poisoned, and other connections are unaffected. This was reported privately rather than as a public issue because (a) the project previously treated an admin-triggered thread crash of identical impact as security-relevant (e51d0dee4), and this is reachable by a broader population; and (b) a downstream build with `panic = \"abort\"` would upgrade it to an unauthenticated process-crash DoS.\n\n### Details\n\n#### Validate-before-authorize ordering\n\nBoth handlers parse and validate attacker-controlled bytes before checking whether the caller is permitted to upload at all:\n\n- `server/core/src/https/v1_domain.rs:118` \u2014 `image.validate_image()` runs; `handle_image_update(client_auth_info, \u2026)` (the ACL check) is at line 129.\n- `server/core/src/https/v1_oauth2.rs:550` \u2014 same ordering.\n\nThe `VerifiedClientInformation` extractor (`server/core/src/https/extractors/mod.rs:18-90`) always returns `Ok` \u2014 it builds a `ClientAuthInfo` from whatever credentials are present (including none) and does not reject anonymous callers. Authorization is deferred to `handle_image_update()`, which is never reached if the validator panics or errors first.\n\n#### PNG validator panic (demonstrator)\n\n`validate_image()` (`server/lib/src/valueset/image/mod.rs:98`) checks only a 256 KiB maximum size, not a minimum, before dispatching to the format-specific validator.\n\n**Short input** \u2014 `server/lib/src/valueset/image/png.rs:73-76`:\n\n```rust\npub fn png_has_trailer(contents: \u0026Vec\u003cu8\u003e) -\u003e Result\u003cbool, ImageValidationError\u003e {\n let buf = contents.as_slice();\n let (magic, buf) = buf.split_at(PNG_PRELUDE.len()); // 8; panics if len \u003c 8\n```\n\n**Chunk-length overflow** \u2014 `server/lib/src/valueset/image/png.rs:46,53`:\n\n```rust\nif buf.len() \u003c (length + 4) as usize { // length: u32; wraps before the usize cast\n ...\n}\nlet (_, buf) = buf.split_at(length as usize); // panics for length \u2248 u32::MAX\n```\n\nIn a release build `0xFFFF_FFFC + 4` wraps to `0`, the guard passes, and `split_at` panics.\n\n### PoC\n\n```sh\nprintf \u0027\\x89PNG\u0027 \u003e /tmp/short.png\ncurl -sk https://$KANIDM_HOST/v1/domain/_image \\\n -F \u0027image=@/tmp/short.png;type=image/png;filename=x.png\u0027\n# \u2192 connection reset / empty reply; server process remains up\n```\n\nUnit-test confirmation (`cargo test -p kanidmd_lib --lib`):\n\n```rust\n#[test]\nfn audit_png_short_input_panics() {\n let short = vec![0x89u8, 0x50, 0x4e, 0x47];\n assert!(std::panic::catch_unwind(|| png_has_trailer(\u0026short)).is_err());\n}\n\n#[test]\nfn audit_png_chunk_length_overflow_panics() {\n let mut data = vec![0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];\n data.extend_from_slice(\u0026[0xFF, 0xFF, 0xFF, 0xFD]);\n data.extend_from_slice(b\"IHDR\");\n data.extend_from_slice(\u0026[0u8; 8]);\n assert!(std::panic::catch_unwind(|| png_has_trailer(\u0026data)).is_err());\n}\n```\n\nBoth tests pass (i.e. both inputs panic).\n\n### Impact\n\nThe only party affected is the requester, whose own connection is dropped. Repeating the request has no cumulative effect beyond ordinary request load.\n\nOn the upstream build:\n\n- Each connection runs in its own `tokio::task::spawn` (`server/core/src/https/mod.rs:481`); the accept loop continues after a task panic.\n- No `panic = \"abort\"` in any workspace `[profile.*]`.\n- No `Mutex`/`RwLock` held across the call site; nothing is poisoned.\n- The panic occurs before any write actor is messaged; no DB or replication state is touched.\n\n**Residual risk:** a downstream packager that sets `panic = \"abort\"` (or links code that installs an abort handler) would see a full unauthenticated process crash. (No such packager is known)\n\n**Affected:** v1.1.0-rc.15 (introduced in e7f594a1c, #2112) through `master` @ edf50b9da.",
"id": "GHSA-84jc-3hj2-hwc7",
"modified": "2026-05-06T23:39:14Z",
"published": "2026-05-06T23:39:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kanidm/kanidm/security/advisories/GHSA-84jc-3hj2-hwc7"
},
{
"type": "PACKAGE",
"url": "https://github.com/kanidm/kanidm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
}
],
"summary": "kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input"
}
GHSA-8883-9W57-VWV6
Vulnerability from github – Published: 2026-03-26 21:23 – Updated: 2026-04-10 19:41Summary
Mattermost interactive callback dispatch could run action handlers before normal sender authorization checks completed.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected: < 2026.3.22
- Fixed: >= 2026.3.22
- Latest released tag checked:
v2026.3.23-2(630f1479c44f78484dfa21bb407cbe6f171dac87) - Latest published npm version checked:
2026.3.23-2
Fix Commit(s)
a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66
Release Status
The fix shipped in v2026.3.22 and remains present in v2026.3.23 and v2026.3.23-2.
Code-Level Confirmation
- extensions/mattermost/src/mattermost/interactions.ts now requires callback authorization before dispatching actions.
- extensions/mattermost/src/mattermost/monitor.ts routes callback authorization through the same sender and allowlist policy used for normal ingress.
OpenClaw thanks @zpbrent for reporting.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35652"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-696",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-26T21:23:04Z",
"nvd_published_at": "2026-04-10T17:17:05Z",
"severity": "MODERATE"
},
"details": "## Summary\nMattermost interactive callback dispatch could run action handlers before normal sender authorization checks completed.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: \u003c 2026.3.22\n- Fixed: \u003e= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/mattermost/src/mattermost/interactions.ts now requires callback authorization before dispatching actions.\n- extensions/mattermost/src/mattermost/monitor.ts routes callback authorization through the same sender and allowlist policy used for normal ingress.\n\nOpenClaw thanks @zpbrent for reporting.",
"id": "GHSA-8883-9w57-vwv6",
"modified": "2026-04-10T19:41:54Z",
"published": "2026-03-26T21:23:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8883-9w57-vwv6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35652"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-action-execution-via-callback-dispatch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions"
}
GHSA-8F9R-GR6R-X63Q
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 20:21Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-3h52-cx59-c456. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T20:21:21Z",
"nvd_published_at": "2026-04-09T22:16:33Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-3h52-cx59-c456. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.",
"id": "GHSA-8f9r-gr6r-x63q",
"modified": "2026-04-10T20:21:21Z",
"published": "2026-04-10T00:30:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35640"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation",
"withdrawn": "2026-04-10T20:21:21Z"
}
GHSA-96R2-52XR-8X9X
Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2025-02-06 18:31An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter.
This issue affects only IPv6 firewall filter.
This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability.
This issue affects Juniper Networks Junos OS:
- All versions before 20.4R3-S10,
- from 21.2 before 21.2R3-S7,
- from 21.4 before 21.4R3-S6.
{
"affected": [],
"aliases": [
"CVE-2024-30410"
],
"database_specific": {
"cwe_ids": [
"CWE-696"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T15:15:25Z",
"severity": "MODERATE"
},
"details": "An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE\u00a0instead of being discarded when the\u00a0discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter.\u00a0\n\nThis issue affects only IPv6 firewall filter.\n\nThis issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability.\u00a0\n\nThis issue affects Juniper Networks Junos OS:\n\n * All versions before 20.4R3-S10,\n * from 21.2 before 21.2R3-S7,\n * from 21.4 before 21.4R3-S6.\u00a0",
"id": "GHSA-96r2-52xr-8x9x",
"modified": "2025-02-06T18:31:01Z",
"published": "2024-04-12T15:37:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30410"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net/JSA79100"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.