@openclaw/nextcloud-talk@2026.3.10

OpenClaw Nextcloud Talk channel plugin

Direct Vulnerabilities

Known vulnerabilities in the @openclaw/nextcloud-talk package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Brute Force

@openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin

Affected versions of this package are vulnerable to Brute Force via the webhook authentication process. An attacker can gain unauthorized access by repeatedly attempting to guess shared secrets without restriction, potentially allowing the forging of inbound webhook events.

How to fix Brute Force?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • H
Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization due to missing validation of caller scopes in the pair approve process. An attacker can gain unauthorized administrative access by approving device requests for higher privilege scopes without proper authorization.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • H
Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch process in multiple channel extensions when outbound requests are made to configured base URLs without proper validation. An attacker can access internal network resources or sensitive endpoints by supplying malicious URLs.

How to fix Server-side Request Forgery (SSRF)?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • H
Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization via the callback process. An attacker can execute unauthorized actions by sending specially crafted requests before sender authorization checks are completed.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • H
Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization in the auth process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended deployment.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • M
Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization in the room authorization process. An attacker can gain unauthorized access to rooms with similar names by exploiting the matching logic that relies on collidable room names instead of stable room tokens.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0