CVE-2026-34507 (EPSS percentile 4.3%)

openclaw / openclaw

Description

OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin commands from unauthorized senders or contexts to execute restricted behavior that policy should have blocked.

Scoring

CVSS: 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.15% probability of exploitation · percentile 4.3% · 2026-06-18T12:00:27Z
Last modified: 2026-06-01

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-35630
CVE-2026-41303
CVE-2026-43526
CVE-2026-28448
CVE-2026-43533
CVE-2026-35674

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.