CWE-351
Insufficient Type Distinction
The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.
CVE-2025-65960 (GCVE-0-2025-65960)
Vulnerability from cvelistv5 – Published: 2025-11-25 18:54 UTC – Updated: 2025-11-25 20:00 UTC
Title
Contao is vulnerable to remote code execution in template closures
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.
Severity
6.6 (Medium)
CWE
- CWE-351 - Insufficient Type Distinction
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/contao/contao/security/advisor… | x_refsource_CONFIRM |
| https://contao.org/en/security-advisories/remote-… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:59:53.302405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:00:14.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.13.57"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.42"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\\Template::once() method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-351",
"description": "CWE-351: Insufficient Type Distinction",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T18:54:48.897Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r"
},
{
"name": "https://contao.org/en/security-advisories/remote-code-execution-in-template-closures",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/remote-code-execution-in-template-closures"
}
],
"source": {
"advisory": "GHSA-98vj-mm79-v77r",
"discovery": "UNKNOWN"
},
"title": "Contao is vulnerable to remote code execution in template closures"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65960",
"datePublished": "2025-11-25T18:54:48.897Z",
"dateReserved": "2025-11-18T16:14:56.694Z",
"dateUpdated": "2025-11-25T20:00:14.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41341 (GCVE-0-2026-41341)
Vulnerability from cvelistv5 – Published: 2026-04-23 21:58 UTC – Updated: 2026-04-25 01:34 UTC X_Open Source
Title
OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension
Summary
OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling.
Severity
CWE
- CWE-351 - Insufficient Type Distinction
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/openclaw/openclaw/security/adv… | vendor-advisory |
| https://github.com/openclaw/openclaw/commit/8c831… | patch |
| https://www.vulncheck.com/advisories/openclaw-com… | third-party-advisory |
Impacted products
Date Public
2026-03-31 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-25T01:34:01.026406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-25T01:34:11.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/openclaw",
"product": "OpenClaw",
"vendor": "OpenClaw",
"versions": [
{
"lessThan": "2026.3.31",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2026.3.31",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2026.3.31",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nathan (@nexrin)"
},
{
"lang": "en",
"type": "finder",
"value": "KeenSecurityLab"
}
],
"datePublic": "2026-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-351",
"description": "CWE-351 Insufficient Type Distinction",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T21:58:00.325Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-6336-qqw9-v6x6)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6336-qqw9-v6x6"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openclaw/openclaw/commit/8c83128fc38d5a3642b8ccbea58550755fdbbbaf"
},
{
"name": "VulnCheck Advisory: OpenClaw \u003c 2026.3.31 - Component Interaction Misclassification in Discord Extension",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/openclaw-component-interaction-misclassification-in-discord-extension"
}
],
"tags": [
"x_open-source"
],
"title": "OpenClaw \u003c 2026.3.31 - Component Interaction Misclassification in Discord Extension",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-41341",
"datePublished": "2026-04-23T21:58:00.325Z",
"dateReserved": "2026-04-20T14:05:09.183Z",
"dateUpdated": "2026-04-25T01:34:11.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.