Security Advisory

CVE-2026-33578

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 14:10:31

Last updated 2026-06-23 16:15:37

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots despite configured allowlist restrictions.

← Browse all CVEs View on cve.org ↗