@openclaw/synology-chat@2026.2.22

Synology Chat channel plugin for OpenClaw

Direct Vulnerabilities

Known vulnerabilities in the @openclaw/synology-chat package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Weak Password Requirements

@openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw

Affected versions of this package are vulnerable to Weak Password Requirements due to insufficient rate limiting in the webhook authentication process. An attacker can repeatedly guess weak webhook tokens by sending numerous authentication attempts without being throttled.

How to fix Weak Password Requirements?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • M
Improper Authorization

Affected versions of this package are vulnerable to Improper Authorization in the webhook process. An attacker can gain unauthorized access to direct message policies by exploiting a path collision in the multi-account configuration, allowing replacement of route ownership and bypassing intended policy separation.

How to fix Improper Authorization?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • H
Use of Incorrectly-Resolved Name or Reference

Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the webhook-handler process. An attacker can redirect message replies to an unintended user by exploiting mutable username resolution instead of relying on a stable user identifier.

How to fix Use of Incorrectly-Resolved Name or Reference?

A fix was pushed into the master branch but not yet published.

>=0.0.0
  • M
Incorrect Authorization

Affected versions of this package are vulnerable to Incorrect Authorization in the synology-chat channel plugin when dmPolicy is set to allowlist and allowedUserIds is empty or unset. An attacker can trigger unauthorized agent or tool actions by sending messages as an unauthorized Synology sender. This is only exploitable if the optional synology-chat channel plugin is enabled and configured with dmPolicy=allowlist and an empty or unset allowedUserIds.

How to fix Incorrect Authorization?

A fix was pushed into the master branch but not yet published.

>=2026.2.22