OpenClaw Timing Vulnerability in Tlon DM Authorization Process

Vulnerability

A vulnerability exists in OpenClaw versions prior to 2026.3.22, where the application processes cited content in direct messages before completing the necessary authorization checks. Because the citation is resolved first, cited content can be accessed or manipulated without proper authorization.

Impact

Exploitation of this vulnerability could lead to unauthorized access to, or manipulation of, content cited in direct messages, bypassing the authorization checks that should gate that content.

Reproduction

To reproduce this vulnerability, send a direct message that includes cited content before the recipient has completed the necessary authorization process. The application will process the citation before finalizing authorization, allowing unauthorized access to the cited content.
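The flaw described above is an ordering problem: the cited content is resolved (processed) before the check that should gate it. The following added example is not OpenClaw's or Tlon's code; it is a hypothetical DM handler with constructed sample data (the `STORE` and `READERS` tables, the user names, the `DirectMessage` type) that shows the vulnerable order beside the corrected one, so the difference in what each handler exposes can be observed directly.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Message:
    id: str
    author: str
    body: str


# Constructed sample data (hypothetical, not from OpenClaw/Tlon): one stored
# message and the set of users allowed to read it, e.g. the DM's participants.
STORE: Dict[str, Message] = {"m1": Message("m1", "alice", "private planning note")}
READERS: Dict[str, Set[str]] = {"m1": {"alice", "bob"}}


@dataclass
class DirectMessage:
    sender: str
    recipient: str
    text: str
    cites: List[str] = field(default_factory=list)


def sender_may_cite(sender: str, cites: List[str]) -> bool:
    """Authorization check: the sender must be allowed to read every message it cites."""
    return all(sender in READERS.get(mid, set()) for mid in cites)


def resolve_citations(cites: List[str]) -> List[str]:
    """The 'processing' step: fetch the bodies of the cited messages."""
    return [STORE[mid].body for mid in cites if mid in STORE]


def handle_dm_vulnerable(dm: DirectMessage) -> dict:
    """Wrong order: citations are resolved, and their text placed in the response
    preview, before authorization runs. A denied sender still receives the cited
    content, which is the class of bug the advisory describes."""
    preview = resolve_citations(dm.cites)          # content processed first
    if not sender_may_cite(dm.sender, dm.cites):   # check happens too late
        return {"delivered": False, "preview": preview}
    return {"delivered": True, "preview": preview}


def handle_dm_fixed(dm: DirectMessage) -> dict:
    """Correct order: authorize first; cited content is touched only afterwards."""
    if not sender_may_cite(dm.sender, dm.cites):
        return {"delivered": False, "preview": []}
    return {"delivered": True, "preview": resolve_citations(dm.cites)}


if __name__ == "__main__":
    # carol is not a participant of the DM that contains m1 (constructed case)
    outsider = DirectMessage("carol", "bob", "see this:", cites=["m1"])
    print(handle_dm_vulnerable(outsider))  # preview contains "private planning note"
    print(handle_dm_fixed(outsider))       # preview is empty; nothing was resolved
```

The detection angle for a defender is the same ordering question: in the handler under review, find every place the cited object is fetched or rendered and confirm that an authorization decision for that object precedes it on every path, including error paths that build previews or diagnostics.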

Remediation

Update to OpenClaw version 2026.3.22 or later, which corrects the order so that authorization completes before cited content is processed.

Added: Apr 9, 2026, 11:40 PM
Updated: Apr 9, 2026, 11:40 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 1.3
exploitability: 8.0
remediation: 0.0
relevance: 5.5
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.