New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
HIGH 8.0 npm

Duplicate Advisory: OpenClaw: QQBot native approval buttons did not enforce configured approver identity

GHSA-hx4v-668p-g2qr

Published · Modified

Description

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-mgq6-vr84-7m2j. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization.

Ready to move

Start Securing

Free, no credit card | First findings in minutes