Package Instance
Look up vulnerable packages by Package URL (purl). Note that a version listed under `fixed_packages` for one vulnerability may still carry `"is_vulnerable": true` because of other vulnerabilities; use `next_non_vulnerable_version` / `latest_non_vulnerable_version` to pick an upgrade target.
GET /api/packages/1036367?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1036367?format=api", "purl": "pkg:npm/openclaw@2026.4.11", "type": "npm", "namespace": "", "name": "openclaw", "version": "2026.4.11", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2026.4.23", "latest_non_vulnerable_version": "2026.4.23", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89628?format=api", "vulnerability_id": "VCID-29a1-7ar7-67e1", "summary": "OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation\n## Summary\n\nGateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart.\n\n## Impact\n\nA bearer token that should have been revoked by SecretRef rotation could remain valid on the gateway HTTP and upgrade surfaces for the lifetime of the process. 
Severity remains high because the old token could continue to authorize gateway requests after operators believed it was rotated out.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` resolves active gateway auth from the runtime secret snapshot per request and per upgrade instead of using a stale startup-time value.\n\nVerified in `v2026.4.15`:\n\n- `src/gateway/server.impl.ts` exposes `getResolvedAuth()` backed by the current runtime secret snapshot.\n- `src/gateway/server-http.ts` calls `getResolvedAuth()` for each HTTP request and WebSocket upgrade before running auth checks.\n- `src/gateway/server-http.probe.test.ts` verifies `/ready` re-resolves bearer auth after rotation and rejects the old token.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `acd4e0a32f12e1ad85f3130f63b42443ce90f094` via PR #66651\n\nThanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32235", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32265", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34377", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43585" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66651", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66651" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43585", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43585" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution" }, { "reference_url": "https://github.com/advisories/GHSA-xmxx-7p24-h892", "reference_id": "GHSA-xmxx-7p24-h892", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmxx-7p24-h892" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api", "purl": "pkg:npm/openclaw@2026.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": 
"VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15" } ], "aliases": [ "CVE-2026-43585", "GHSA-xmxx-7p24-h892" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29a1-7ar7-67e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89187?format=api", "vulnerability_id": "VCID-2c8p-gbaw-3ye4", "summary": "OpenClaw: Isolated cron awareness events were recorded as trusted system events\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nOutput from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without `trusted: false`. 
That made the event render as a trusted `System:` event instead of an untrusted system event.\n\nThis is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.\n\n## Fix\n\nOpenClaw now preserves untrusted labels for isolated cron awareness events and forwards the trust flag through cron delivery helpers.\n\nFix commit:\n\n- `f61896b03cc7031f51106a04566831f4ac2a0bd7`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04732", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04745", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04761", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44999" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44999", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44999" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" 
}, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events" }, { "reference_url": "https://github.com/advisories/GHSA-57r2-h2wj-g887", "reference_id": "GHSA-57r2-h2wj-g887", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57r2-h2wj-g887" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "CVE-2026-44999", "GHSA-57r2-h2wj-g887" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2c8p-gbaw-3ye4" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/89219?format=api", "vulnerability_id": "VCID-2khh-wv8p-97ff", "summary": "OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms\n## Summary\n\nShell-wrapper detection missed env-argv assignment injection forms.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.2.22 < 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nExec preflight handling missed shell-wrapper and argv-level environment assignment forms that could affect execution semantics, including high-risk shell environment controls.\n\n## Technical Details\n\nThe fix broadens shell-wrapper detection and blocks environment assignments in argv forms. High-risk shell variables such as `SHELLOPTS` and `PS4` are covered by the host environment security policy.\n\n## Fix\n\nThe issue was fixed in #65717. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `8f8492d172f4c5b4fd7dd9a47855ed620c8770ab`\n- PR: #65717\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. 
The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @decsecre583 for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28675", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31153", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31188", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42435" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/8f8492d172f4c5b4fd7dd9a47855ed620c8770ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/8f8492d172f4c5b4fd7dd9a47855ed620c8770ab" }, { "reference_url": 
"https://github.com/openclaw/openclaw/pull/65717", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/65717" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42435", "reference_id": "CVE-2026-42435", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42435" }, { "reference_url": "https://github.com/advisories/GHSA-j6c7-3h5x-99g9", "reference_id": "GHSA-j6c7-3h5x-99g9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6c7-3h5x-99g9" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection", "reference_id": 
"openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api", "purl": "pkg:npm/openclaw@2026.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-3xmj-n798-x3cw" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-6cfj-zugb-7uhq" }, { "vulnerability": "VCID-6wth-qthz-yud8" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dfdk-dhwf-9yaj" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hphn-8fnj-qkh2" }, { "vulnerability": "VCID-hy24-6xpe-pkb7" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": 
"VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-t2yy-9ume-t7be" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12" } ], "aliases": [ "CVE-2026-42435", "GHSA-j6c7-3h5x-99g9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2khh-wv8p-97ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89236?format=api", "vulnerability_id": "VCID-2mxq-krq5-bycx", "summary": "OpenClaw: Empty approver lists could grant explicit approval authorization\n## Summary\n\nEmpty approver lists could grant explicit approval authorization.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nFor helper-backed channels, an empty resolved approver list could be interpreted as explicit approval authorization, allowing a sender outside the normal channel authorization gate to resolve pending approvals if they knew an approval id.\n\n## Technical Details\n\nThe fix prevents empty approver lists from granting explicit approval authorization and adds regression coverage for unauthorized senders.\n\n## Fix\n\nThe issue was fixed in #65714. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `0a105c0900de701d2ee9f1abc96b017afbd0afdd`\n- PR: #65714\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. 
The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @anshumanbh for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09702", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11327", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11359", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43574" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/0a105c0900de701d2ee9f1abc96b017afbd0afdd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/" } ], "url": 
"https://github.com/openclaw/openclaw/commit/0a105c0900de701d2ee9f1abc96b017afbd0afdd" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/65714", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/65714" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-49cg-279w-m73x", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-49cg-279w-m73x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43574", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43574" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-empty-approver-lists", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-empty-approver-lists" }, { "reference_url": "https://github.com/advisories/GHSA-49cg-279w-m73x", "reference_id": "GHSA-49cg-279w-m73x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-49cg-279w-m73x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api", "purl": "pkg:npm/openclaw@2026.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-3xmj-n798-x3cw" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-6cfj-zugb-7uhq" }, { "vulnerability": "VCID-6wth-qthz-yud8" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dfdk-dhwf-9yaj" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" 
}, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hphn-8fnj-qkh2" }, { "vulnerability": "VCID-hy24-6xpe-pkb7" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-t2yy-9ume-t7be" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12" } ], "aliases": [ "CVE-2026-43574", "GHSA-49cg-279w-m73x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mxq-krq5-bycx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89051?format=api", "vulnerability_id": "VCID-3xmj-n798-x3cw", "summary": "OpenClaw: Browser SSRF policy default allowed private-network navigation\n## Summary\n\nBrowser SSRF policy default allowed private-network navigation.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nBrowser SSRF protection could allow private-network navigation by default in paths where restrictive behavior was expected, exposing internal services or metadata endpoints 
through browser-driven requests.\n\n## Technical Details\n\nThe fix preserves strict SSRF configuration semantics, keeps private-network access disabled unless explicitly opted in, and updates loopback CDP readiness handling for the stricter default.\n\n## Fix\n\nThe issue was fixed in #66354 and #66386. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `024f4614a1a1831406e763adc40ef226e3d5e9ed`\n- `1dabfef28db523e7de81edeb3dd689e9171236a2`\n- `213c36cf51121ef6c05cfccd78037371f968f31a`\n- `7eecfa411df3d12e6b810e6ca5df47254fc3db3f`\n- PR: #66354, #66386\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10565", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1227", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12235", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43527" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": 
"https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": 
"6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66354", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66354" }, { "reference_url": 
"https://github.com/openclaw/openclaw/pull/66386", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66386" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43527", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43527" }, { "reference_url": 
"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation" }, { "reference_url": "https://github.com/advisories/GHSA-53vx-pmqw-863c", "reference_id": "GHSA-53vx-pmqw-863c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-53vx-pmqw-863c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api", "purl": "pkg:npm/openclaw@2026.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { 
"vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14" } ], "aliases": [ "CVE-2026-43527", "GHSA-53vx-pmqw-863c" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xmj-n798-x3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95449?format=api", "vulnerability_id": "VCID-4316-7q9a-xuhx", "summary": "OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload\n## Summary\n\nOpenClaw webhooks allowed route secrets to be backed by `SecretRef` values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran `openclaw secrets reload`, the previous resolved webhook secret could remain valid until the plugin or gateway restarted.\n\n## Impact\n\nAn attacker who already had a previously valid webhook route secret could continue authenticating webhook requests after the operator rotated the secret and reloaded secrets. 
This weakened credential rotation for webhook routes and could allow continued invocation of the configured webhook task flow until restart.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nWebhook route authentication now resolves `SecretRef`-backed route secrets on each request. A rotated secret becomes effective after `openclaw secrets reload` without requiring a gateway or plugin restart, and the old secret is rejected.\n\n## Fix Commit(s)\n\n- `36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa` (`fix(webhooks): reload route secrets per request`)\n\n## Severity\n\nSeverity remains `medium`. The attack requires possession of a previously valid route secret, but the stale credential can continue to authorize webhook actions after rotation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17844", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17878", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17882", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45005" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-45005" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation" }, { "reference_url": "https://github.com/advisories/GHSA-q8ff-7ffm-m3r9", "reference_id": "GHSA-q8ff-7ffm-m3r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q8ff-7ffm-m3r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api", "purl": "pkg:npm/openclaw@2026.4.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23" } ], "aliases": [ "CVE-2026-45005", "GHSA-q8ff-7ffm-m3r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4316-7q9a-xuhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92152?format=api", "vulnerability_id": "VCID-4u3z-rs45-gbhe", "summary": "OpenClaw: Workspace dotenv files cannot override connector endpoint hosts\n## Summary\nWorkspace dotenv files cannot override 
connector endpoint hosts.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or Synology-related connectors and redirect runtime traffic away from the operator-configured endpoint.\n\n## Fix\nWorkspace .env loading now blocks those endpoint variables, including per-account Matrix homeserver suffixes and generic base-url/API-host style overrides. Trusted global runtime dotenv loading remains separate.\n\n## Fix Commit(s)\n- 0623079e98abf7202591f1b04a89755eb7ec9272\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @qi-scape for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01337", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01342", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01341", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45003" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files" }, { "reference_url": "https://github.com/advisories/GHSA-55cf-xx38-4p9p", "reference_id": "GHSA-55cf-xx38-4p9p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-55cf-xx38-4p9p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-45003", "GHSA-55cf-xx38-4p9p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u3z-rs45-gbhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89852?format=api", 
"vulnerability_id": "VCID-6cfj-zugb-7uhq", "summary": "OpenClaw: Delivery queue recovery could lose group tool-policy context for media replay\n## Summary\n\nDelivery queue recovery could lose group tool-policy context for media replay.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.4.10 < 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nRecovered queued outbound media could be replayed without the original session context needed to enforce group tool policy, weakening channel media restrictions after restart/recovery.\n\n## Technical Details\n\nThe fix persists and replays the relevant session context with delivery queue entries so recovered media dispatch goes through the same policy checks.\n\n## Fix\n\nThe issue was fixed in #66025. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `48aae82bbc19ba8b0741e61a08063eb0d1df464e`\n- PR: #66025\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. 
The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09419", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09401", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1098", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43583" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/48aae82bbc19ba8b0741e61a08063eb0d1df464e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:29:14Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/48aae82bbc19ba8b0741e61a08063eb0d1df464e" }, { 
"reference_url": "https://github.com/openclaw/openclaw/pull/66025", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66025" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r77c-2cmr-7p47", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:29:14Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r77c-2cmr-7p47" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43583", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43583" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-loss-of-group-tool-policy-context-in-delivery-queue-recovery", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:29:14Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-loss-of-group-tool-policy-context-in-delivery-queue-recovery" }, { "reference_url": "https://github.com/advisories/GHSA-r77c-2cmr-7p47", "reference_id": "GHSA-r77c-2cmr-7p47", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r77c-2cmr-7p47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api", "purl": "pkg:npm/openclaw@2026.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": 
"VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14" } ], "aliases": [ "CVE-2026-43583", "GHSA-r77c-2cmr-7p47" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cfj-zugb-7uhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89059?format=api", "vulnerability_id": "VCID-6wth-qthz-yud8", "summary": "OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation\n## Summary\n\nBrowser snapshot and screenshot routes could expose internal page content after navigation.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nAuthenticated browser tool callers could use snapshot, screenshot, or tab routes that did not consistently validate the final browser target after route-driven navigation. In restrictive browser SSRF configurations this could expose content from internal or otherwise disallowed pages.\n\n## Technical Details\n\nThe fix re-checks browser snapshot, screenshot, and tab route results against the configured browser SSRF policy before returning page content. Regression coverage was added around snapshot/screenshot and tab-route flows.\n\n## Fix\n\nThe issue was fixed in #66040. 
The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `b75ad800a59009fc47eaa3471410f69046150e59`\n- PR: #66040\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09041", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10552", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1059", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42436" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f69046150e59", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f69046150e59" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66040", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66040" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42436", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42436" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes" }, { "reference_url": "https://github.com/advisories/GHSA-c4qm-58hj-j6pj", "reference_id": "GHSA-c4qm-58hj-j6pj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4qm-58hj-j6pj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api", "purl": "pkg:npm/openclaw@2026.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": 
"VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14" } ], "aliases": [ "CVE-2026-42436", "GHSA-c4qm-58hj-j6pj" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wth-qthz-yud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89630?format=api", "vulnerability_id": "VCID-6y5w-am4s-6qa5", "summary": "OpenClaw: busybox and toybox applet execution weakened exec approval binding\n## Summary\n\nbusybox and toybox applet execution weakened exec approval binding.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.2.23 < 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nOpaque multi-call binaries such as `busybox` and `toybox` could obscure which applet 
or script-like behavior would actually run, weakening exec approval binding and risk classification.\n\n## Technical Details\n\nThe fix treats `busybox` and `toybox` as opaque mutable script runners and fails closed rather than binding unsafe applet invocations.\n\n## Fix\n\nThe issue was fixed in #65713. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `666f48d9b882a8a1415ca53f9567c72499d850c9`\n- PR: #65713\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @decsecre583 for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19015", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21375", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21421", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43530" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/65713", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/65713" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/" } 
], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43530", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43530" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution" }, { "reference_url": "https://github.com/advisories/GHSA-2cq5-mf3v-mx44", "reference_id": "GHSA-2cq5-mf3v-mx44", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2cq5-mf3v-mx44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api", "purl": "pkg:npm/openclaw@2026.4.12", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-3xmj-n798-x3cw" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-6cfj-zugb-7uhq" }, { "vulnerability": "VCID-6wth-qthz-yud8" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dfdk-dhwf-9yaj" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hphn-8fnj-qkh2" }, { "vulnerability": "VCID-hy24-6xpe-pkb7" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-t2yy-9ume-t7be" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12" } ], "aliases": [ "CVE-2026-43530", "GHSA-2cq5-mf3v-mx44" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6y5w-am4s-6qa5" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/89144?format=api", "vulnerability_id": "VCID-7akj-469t-57hz", "summary": "OpenClaw: Agent gateway config mutations could change protected operator settings\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe agent-facing `gateway config.patch` / `config.apply` guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool could persist changes to those settings.\n\nThis is a model-to-operator guard bypass, not a remote unauthenticated gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now blocks model-driven gateway config mutations for the broader operator-trusted path set and covers per-agent overrides and array-entry patching.\n\nFix commit:\n\n- `fe30b31a97a917ecc6e92f6c85378b6b20352422`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/fe30b31a97a917ecc6e92f6c85378b6b20352422", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/fe30b31a97a917ecc6e92f6c85378b6b20352422" }, 
{ "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc" }, { "reference_url": "https://github.com/advisories/GHSA-7jm2-g593-4qrc", "reference_id": "GHSA-7jm2-g593-4qrc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jm2-g593-4qrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "GHSA-7jm2-g593-4qrc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7akj-469t-57hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89809?format=api", "vulnerability_id": "VCID-9kgh-wj9w-ykff", "summary": "OpenClaw: 
QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes\n## Summary\n\nQQBot reply media URL handling could trigger SSRF and re-upload fetched bytes.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nQQBot reply media URLs could be treated as trusted media sources, allowing SSRF fetches whose returned bytes were then re-uploaded through the channel.\n\n## Technical Details\n\nThe fix routes QQBot remote media fetches through SSRF-guarded media fetching and explicit URL allowlist policy.\n\n## Fix\n\nThe issue was fixed in #63495 and #65788. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a`\n- `ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d`\n- PR: #63495, #65788\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. 
The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @threalwinky for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12834", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14131", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14168", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43526" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/08ae021d1f42905a85a550813c0d95169b171a6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/08ae021d1f42905a85a550813c0d95169b171a6c" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/63495", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/63495" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/65788", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/65788" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43526", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43526" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling" }, { "reference_url": "https://github.com/advisories/GHSA-2767-2q9v-9326", "reference_id": "GHSA-2767-2q9v-9326", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2767-2q9v-9326" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api", "purl": "pkg:npm/openclaw@2026.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-3xmj-n798-x3cw" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-6cfj-zugb-7uhq" }, { "vulnerability": "VCID-6wth-qthz-yud8" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dfdk-dhwf-9yaj" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { 
"vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hphn-8fnj-qkh2" }, { "vulnerability": "VCID-hy24-6xpe-pkb7" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-t2yy-9ume-t7be" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12" } ], "aliases": [ "CVE-2026-43526", "GHSA-2767-2q9v-9326" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kgh-wj9w-ykff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89810?format=api", "vulnerability_id": "VCID-a46u-tnbh-fyhs", "summary": "OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths\n## Summary\n\nThe QMD backend `memory_get` read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set.\n\n## Impact\n\nWhen the QMD backend was enabled, a caller with access to `memory_get` could read arbitrary `*.md` files under the configured workspace root, even when those 
files were not canonical memory files and had not been returned by QMD search. Severity remains low because exploitation requires access to the memory tool surface and is limited to workspace Markdown files, but it bypassed the intended memory-path policy.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` restricts QMD reads to canonical memory paths or previously indexed QMD workspace paths. Workspace containment alone is no longer sufficient.\n\nVerified in `v2026.4.15`:\n\n- `extensions/memory-core/src/memory/qmd-manager.ts` rejects non-default workspace Markdown paths unless they match an indexed QMD workspace read path.\n- `extensions/memory-core/src/memory/qmd-manager.test.ts` covers QMD session search-result reads and the read-path restriction behavior.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `37d5971db36491d5050efd42c333cbe0b98ed292` via PR #66026\n\nThanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/37d5971db36491d5050efd42c333cbe0b98ed292", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/37d5971db36491d5050efd42c333cbe0b98ed292" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66026", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66026" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47" }, { "reference_url": "https://github.com/advisories/GHSA-f934-5rqf-xx47", "reference_id": "GHSA-f934-5rqf-xx47", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f934-5rqf-xx47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api", "purl": "pkg:npm/openclaw@2026.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { 
"vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15" } ], "aliases": [ "GHSA-f934-5rqf-xx47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a46u-tnbh-fyhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90199?format=api", "vulnerability_id": "VCID-a4jz-y9s4-zkfg", "summary": "OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners\n## Impact\n\nOpenClaw deployments before `2026.4.21` could treat a non-owner sender as authorized for owner-enforced slash commands when all of the following were true:\n\n- a channel plugin declared `commands.enforceOwnerForCommands: true`;\n- the channel accepted wildcard inbound senders with `allowFrom: [\"*\"]`;\n- no explicit `commands.ownerAllowFrom` was configured.\n\nIn that state, `src/auto-reply/command-auth.ts` reused the channel inbound wildcard as part of the command-owner decision. A sender who was not the owner could therefore pass the owner-command gate for commands such as `/send`, `/config`, or `/debug` on the affected channel.\n\nThe issue is limited to the command-owner authorization axis. 
It does not by itself grant owner-only tool access, host/sandbox access, or gateway administrator scope.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected versions: `<= 2026.4.20`\n- Patched version: `2026.4.21`\n\nThe latest public release, `2026.4.21`, contains the fix.\n\n## Patches\n\nThe fix requires a concrete owner identity or internal operator-admin scope when a plugin enforces owner-only commands. Wildcard channel `allowFrom` no longer implies wildcard command ownership.\n\nFix commits:\n\n- `2aa93d44a1b2c7058c371f261fda2b5d4de4a882` on `main`\n- `995febb7b1e811ff6a1df5b18c22de94103f4c9f` in the `2026.4.21` release line\n\n## Workarounds\n\nUpgrade to `openclaw@2026.4.21` or later. Before upgrading, avoid wildcard/open-DM sender policy on owner-enforced channels, or configure `commands.ownerAllowFrom` to the intended owner identities.\n\n## Credits\n\nOpenClaw thanks @zsxsoft for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08975", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08973", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08993", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44991" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": 
"https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44991", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44991" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders" }, { "reference_url": 
"https://github.com/advisories/GHSA-c28g-vh7m-fm7v", "reference_id": "GHSA-c28g-vh7m-fm7v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c28g-vh7m-fm7v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111520?format=api", "purl": "pkg:npm/openclaw@2026.4.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.21" } ], "aliases": [ "CVE-2026-44991", "GHSA-c28g-vh7m-fm7v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4jz-y9s4-zkfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89927?format=api", "vulnerability_id": "VCID-dfdk-dhwf-9yaj", "summary": "OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases\n## Summary\n\nconfig.get redaction bypass through sourceConfig and runtimeConfig aliases.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nAn authenticated gateway client with config read access could receive unredacted secrets through alias fields that survived redaction, including provider API keys, gateway auth material, and channel credentials.\n\n## Technical Details\n\nThe fix explicitly 
overwrites `sourceConfig` and `runtimeConfig` with the same redacted copies used for `resolved` and `config`, including the invalid-snapshot branch. Tests now cover both alias fields.\n\n## Fix\n\nThe issue was fixed in #66030. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `86734ef93a2f25063371b04f1946eb300548acd4`\n- PR: #66030\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24058", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26208", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26253", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43528" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66030", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66030" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43528", "reference_id": "CVE-2026-43528", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43528" }, { "reference_url": "https://github.com/advisories/GHSA-8372-7vhw-cm6q", "reference_id": "GHSA-8372-7vhw-cm6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-8372-7vhw-cm6q" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases", "reference_id": "openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api", "purl": "pkg:npm/openclaw@2026.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": 
"VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14" } ], "aliases": [ "CVE-2026-43528", "GHSA-8372-7vhw-cm6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdk-dhwf-9yaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94834?format=api", "vulnerability_id": "VCID-dv5s-pvw1-a7fu", "summary": "OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution\n## Summary\n\nOpenClaw's bundled plugin setup resolver could fall back to `process.cwd()` while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing `extensions/<plugin>/setup-api.js`, OpenClaw could load and execute that JavaScript during ordinary provider/model status resolution.\n\n## Impact\n\nThis is arbitrary JavaScript execution in the OpenClaw process under the current user account. A malicious repository could run code when the user executed commands such as provider/model inspection from that directory. 
The issue does not require gateway network exposure, but it does require user interaction: the user must run OpenClaw from a directory containing the attacker-controlled setup file.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw now resolves bundled setup fallbacks only from the canonical package/repository root and no longer includes `process.cwd()` as a trusted setup-api search root. A regression test verifies that a workspace-local `extensions/<plugin>/setup-api.js` is not loaded through provider setup resolution.\n\n## Fix Commit(s)\n\n- `993781e6e6eaf50f033cfc3e3bf4f47059740707` (`fix(plugins): ignore cwd setup-api fallback`)\n\n## Severity\n\nSeverity remains `high` because successful exploitation allows arbitrary code execution under the user running OpenClaw. The CVSS vector is local/user-interaction scoped rather than network-only because the victim must run OpenClaw from an attacker-controlled directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0286", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02815", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02869", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45004" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45004" }, { "reference_url": 
"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory" }, { "reference_url": "https://github.com/advisories/GHSA-r39h-4c2p-3jxp", "reference_id": "GHSA-r39h-4c2p-3jxp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r39h-4c2p-3jxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api", "purl": "pkg:npm/openclaw@2026.4.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23" } ], "aliases": [ "CVE-2026-45004", "GHSA-r39h-4c2p-3jxp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dv5s-pvw1-a7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93521?format=api", "vulnerability_id": "VCID-e25p-j5ed-yqfz", "summary": "OpenClaw's Gateway Control UI bootstrap config required Gateway auth\n## Summary\nThe Gateway Control UI bootstrap config endpoint now requires Gateway auth.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nWhen Gateway 
authentication was enabled, the Control UI bootstrap config endpoint could still be read without a valid Gateway token. That response could expose sensitive bootstrap/config fields intended only for authenticated Control UI sessions.\n\n## Fix\nThe bootstrap config route now goes through the same Gateway read-auth path as other authenticated Control UI reads. Regression tests cover unauthenticated rejection, valid-token access, and basePath handling.\n\n## Fix Commit(s)\n- 2321d67263bc710e357644d59f746b08d891051b\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft for reporting.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/2321d67263bc710e357644d59f746b08d891051b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/2321d67263bc710e357644d59f746b08d891051b" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v" }, { "reference_url": "https://github.com/advisories/GHSA-93rg-2xm5-2p9v", "reference_id": "GHSA-93rg-2xm5-2p9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93rg-2xm5-2p9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "GHSA-93rg-2xm5-2p9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e25p-j5ed-yqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89007?format=api", "vulnerability_id": "VCID-gk95-28x9-17dk", "summary": "OpenClaw: Webchat audio embedding could read local files without local-root containment\n## Impact\n\nOpenClaw deployments before `2026.4.15` could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths.\n\nIf an attacker could influence an agent or tool-produced `ReplyPayload.mediaUrl`, the webchat audio embedding helper could resolve an absolute local path or `file:` URL, read an audio-like file under the size cap, and base64-encode it into the webchat media response. This crossed the model/tool-output boundary into a host file read. 
Prompt injection or malicious tool output is a delivery mechanism; the security boundary failure is the missing local-root containment check.\n\nThe impact is narrow: the file had to be readable by the gateway process, have an audio-like extension, and fit within the webchat audio size cap. The issue exposed contents into the webchat assistant/media transcript path; it was not a general remote filesystem API.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected versions: `<= 2026.4.14`\n- Patched version: `2026.4.15`\n\nThe latest public release, `2026.4.21`, also contains the fix.\n\n## Patches\n\nThe public fix threads the applicable local media roots into the webchat audio embedding path and calls `assertLocalMediaAllowed` before local audio content is read. Current `main` also includes an additional `trustedLocalMedia` gate so untrusted model/tool payloads cannot opt into local audio embedding.\n\nFix commit:\n\n- `6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde`\n\n## Workarounds\n\nUpgrade to `openclaw@2026.4.15` or later. The latest public release, `2026.4.21`, is fixed. 
Before upgrading, avoid exposing webchat sessions to untrusted prompt/tool content that can influence reply media URLs.\n\n## Credits\n\nOpenClaw thanks @zsxsoft for reporting.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c" }, { "reference_url": "https://github.com/advisories/GHSA-gfg9-5357-hv4c", "reference_id": "GHSA-gfg9-5357-hv4c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gfg9-5357-hv4c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api", 
"purl": "pkg:npm/openclaw@2026.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15" } ], "aliases": [ "GHSA-gfg9-5357-hv4c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gk95-28x9-17dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89411?format=api", "vulnerability_id": "VCID-gkyv-ahk7-1ud3", "summary": "OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. 
If an operator configured a restrictive policy, such as a tool profile, explicit allow/deny list, owner-only tool restriction, sandbox tool policy, or subagent tool policy, a bundled MCP/LSP tool could remain available even though the same policy would have denied it.\n\nThe issue required a configured bundled MCP or LSP tool source and an operator policy that should have restricted that tool. This was a local agent policy-enforcement bypass, not an unauthenticated remote gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now applies a final effective tool policy pass to bundled MCP/LSP tools before merging them into the tool set used by normal runs and compaction. The pass covers profile policy, provider profile policy, global/agent/group policies, owner-only filtering, sandbox tool policy, and subagent tool policy.\n\nFix commit:\n\n- `0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4" }, { "reference_url": "https://github.com/advisories/GHSA-qrp5-gfw2-gxv4", "reference_id": "GHSA-qrp5-gfw2-gxv4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qrp5-gfw2-gxv4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "GHSA-qrp5-gfw2-gxv4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkyv-ahk7-1ud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88991?format=api", "vulnerability_id": "VCID-h9a4-1twb-d7d1", "summary": "OpenClaw: Webchat media embedding enforces local-root containment for tool-result files\n## Summary\n\nWebchat tool-result media normalization could pass local and UNC-style 
file paths into the host-side media embedding path without applying the configured local-root containment policy.\n\n## Impact\n\nA crafted tool-result media reference could cause the host to attempt local file reads or Windows UNC/network path access while preparing webchat media blocks. This could disclose host files readable by the host process, including files outside the configured `localRoots`, or, when the reference is a Windows UNC/network path, cause the host to attempt network access that can expose credentials on affected Windows deployments. Severity remains medium because exploitation depends on a tool-result media path reaching the webchat embedding path, but the sink is a host-side file read that happens before the user sees the rendered result.\n\n## Affected versions\n\n- Affected: `>= 2026.4.7, < 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` hardens the webchat media path and the shared media resolver. Remote-host `file://` URLs and Windows network paths are rejected before filesystem access, and audio embedding now enforces configured `localRoots` containment before `stat` or read operations.\n\nVerified in `v2026.4.15`:\n\n- `src/gateway/server-methods/chat-webchat-media.ts` uses safe file-URL parsing, rejects Windows network paths, and calls `assertLocalMediaAllowed` before probing local audio files.\n- `src/media/web-media.ts` rejects remote-host `file://` URLs, Windows network paths, and local-root bypasses on the shared media path.\n- `src/gateway/server-methods/chat-webchat-media.test.ts` covers both remote-host `file://` rejection and local-root denial before filesystem access.\n\nFix commits included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `1470de5d3e0970856d86cd99336bb8ada3fe87da` via PR #67293\n- `6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde` via PR #67298\n- `52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc` via PR #67303 as defense-in-depth for trusted media passthrough anchoring\n\nThanks to @Kherrisan for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41389", "reference_id": "", "reference_type": "", "scores": [ {
"value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13127", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13168", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13165", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41389" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/1470de5d3e0970856d86cd99336bb8ada3fe87da", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/1470de5d3e0970856d86cd99336bb8ada3fe87da" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", 
"scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/67293", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/67293" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/67298", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/67298" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/67303", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/67303" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41389", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41389" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths" }, { "reference_url": "https://github.com/advisories/GHSA-mr34-9552-qr95", "reference_id": "GHSA-mr34-9552-qr95", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mr34-9552-qr95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api", "purl": "pkg:npm/openclaw@2026.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": 
"VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15" } ], "aliases": [ "CVE-2026-41389", "GHSA-mr34-9552-qr95" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9a4-1twb-d7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90349?format=api", "vulnerability_id": "VCID-hphn-8fnj-qkh2", "summary": "OpenClaw: Microsoft Teams SSO invoke handler missed sender authorization checks\n## Summary\n\nMicrosoft Teams SSO invoke handler missed sender authorization checks.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.4.10 < 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nMicrosoft Teams SSO signin invoke handling could process an invoke from a sender before applying the same sender allowlist checks used by normal message handling.\n\n## Technical Details\n\nThe fix routes SSO invoke handling through the Teams sender authorization path and adds coverage for denied senders.\n\n## Fix\n\nThe issue was fixed in #66033. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `80b1fa17bfc3f6a668492f0326ea52f48bb89776`\n- PR: #66033\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. 
`2026.4.14` was the latest npm release when this advisory was published and already includes the fix; every later release also contains it.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11979", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13224", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13264", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43572" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/80b1fa17bfc3f6a668492f0326ea52f48bb89776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:23:37Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/80b1fa17bfc3f6a668492f0326ea52f48bb89776"
}, { "reference_url": "https://github.com/openclaw/openclaw/pull/66033", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66033" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gc9r-867r-j85f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:23:37Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gc9r-867r-j85f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43572", "reference_id": "CVE-2026-43572", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43572" }, { "reference_url": "https://github.com/advisories/GHSA-gc9r-867r-j85f", "reference_id": "GHSA-gc9r-867r-j85f", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc9r-867r-j85f" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-missing-sender-authorization-in-microsoft-teams-sso-invoke-handler", "reference_id": 
"openclaw-missing-sender-authorization-in-microsoft-teams-sso-invoke-handler", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:23:37Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-missing-sender-authorization-in-microsoft-teams-sso-invoke-handler" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api", "purl": "pkg:npm/openclaw@2026.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" 
}, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14" } ], "aliases": [ "CVE-2026-43572", "GHSA-gc9r-867r-j85f" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hphn-8fnj-qkh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89972?format=api", "vulnerability_id": "VCID-hy24-6xpe-pkb7", "summary": "OpenClaw: Heartbeat owner downgrade missed untrusted webhook wake events\n## Summary\n\nHeartbeat owner downgrade missed untrusted webhook wake events.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.4.7 < 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nHeartbeat owner downgrade logic could skip webhook wake events carrying untrusted content, preserving owner-like execution context where the run should have been downgraded.\n\n## Technical Details\n\nThe fix includes wake and hook event reasons in owner-downgrade inspection and forces downgrade for untrusted hook wake events.\n\n## Fix\n\nThe issue was fixed in #66031. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `31281bc92f55796817a92bc43f722cba1e77ab42`\n- PR: #66031\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. 
`2026.4.14` was the latest npm release when this advisory was published and already includes the fix; every later release also contains it.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34866", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36675", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36711", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43566" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/31281bc92f55796817a92bc43f722cba1e77ab42", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements":
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:28:26Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/31281bc92f55796817a92bc43f722cba1e77ab42" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66031", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66031" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g2hm-779g-vm32", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:28:26Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g2hm-779g-vm32" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43566", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43566" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-untrusted-webhook-wake-events", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "9.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:28:26Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-untrusted-webhook-wake-events" }, { "reference_url": "https://github.com/advisories/GHSA-g2hm-779g-vm32", "reference_id": "GHSA-g2hm-779g-vm32", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2hm-779g-vm32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api", "purl": "pkg:npm/openclaw@2026.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": 
"VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14" } ], "aliases": [ "CVE-2026-43566", "GHSA-g2hm-779g-vm32" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hy24-6xpe-pkb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89119?format=api", "vulnerability_id": "VCID-hz33-9efv-c7ef", "summary": "OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nFeishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped `dmPolicy` enforcement for card actions, so a sender in a Feishu DM could trigger card-action flows that should have been blocked by a restrictive DM policy.\n\nThe issue is limited to Feishu card-action handling. 
Severity is medium.\n\n## Fix\n\nOpenClaw now resolves Feishu card-action chat type before dispatch, including API lookup when stored context is unavailable, and avoids falling through to group handling for DMs.\n\nFix commit:\n\n- `90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx" }, { "reference_url": "https://github.com/advisories/GHSA-72q8-jcmc-97wx", "reference_id": "GHSA-72q8-jcmc-97wx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-72q8-jcmc-97wx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "GHSA-72q8-jcmc-97wx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hz33-9efv-c7ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93303?format=api", "vulnerability_id": "VCID-jshg-1pb2-wbak", "summary": "OpenClaw validates Zalo outbound photo URLs through the SSRF guard\n## Summary\nZalo outbound photo URLs are validated through the SSRF guard.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nThe Zalo plugin could forward an attacker-controlled outbound photo URL to the Zalo Bot API without first applying OpenClaw's SSRF validation policy.\n\n## Fix\nZalo sendPhoto now parses and validates outbound photo URLs with the shared SSRF hostname policy before posting to Zalo, and media-reply paths route through the guarded outbound media helpers.\n\n## Fix Commit(s)\n- a65eb1b864b7630c1242a82de9e5799b80583c3f\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- 
openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @foodlook for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13839", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13842", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1519", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44116" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/" } ], "url": 
"https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44116", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44116" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation" }, { "reference_url": "https://github.com/advisories/GHSA-2hh7-c75g-qj2r", "reference_id": "GHSA-2hh7-c75g-qj2r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2hh7-c75g-qj2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44116", "GHSA-2hh7-c75g-qj2r" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jshg-1pb2-wbak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89025?format=api", "vulnerability_id": "VCID-k8s8-zjv4-gqdb", "summary": "OpenClaw: Paired-device pairing actions were not limited to the caller device\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nA paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope ceiling.\n\nThis is a same-gateway paired-device authorization bug, not a remote unauthenticated issue. 
Severity is low.\n\n## Fix\n\nPairing management actions are now limited to the caller device, so non-admin paired-device sessions cannot approve or operate on unrelated pending device requests.\n\nFix commit:\n\n- `5a12f30441d5b0b151f550daa2c5c9e8db61e2e6`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/5a12f30441d5b0b151f550daa2c5c9e8db61e2e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/5a12f30441d5b0b151f550daa2c5c9e8db61e2e6" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7" }, { "reference_url": "https://github.com/advisories/GHSA-xrq9-jm7v-g9h7", "reference_id": "GHSA-xrq9-jm7v-g9h7", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrq9-jm7v-g9h7" 
} ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "GHSA-xrq9-jm7v-g9h7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8s8-zjv4-gqdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95751?format=api", "vulnerability_id": "VCID-kcy2-a98b-uyg7", "summary": "OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs\n## Summary\nExec allowlist analysis rejects shell expansion in unquoted heredocs\n\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nAn allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. 
That could make the approved command text look safer than what the shell would evaluate at runtime.\n\n## Fix\nThe exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.\n\n## Fix Commit(s)\n- b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx" }, { "reference_url": "https://github.com/advisories/GHSA-x3h8-jrgh-p8jx", "reference_id": "GHSA-x3h8-jrgh-p8jx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x3h8-jrgh-p8jx" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "GHSA-x3h8-jrgh-p8jx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcy2-a98b-uyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/308011?format=api", "vulnerability_id": "VCID-kxmf-d7w1-xfcv", "summary": "OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15902", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15912", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18208", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44110" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/67294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/pull/67294" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/67325", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/openclaw/openclaw/pull/67325" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/2bfd808a83116bd888e3e2633a61473fa2ed81b6", "reference_id": "2bfd808a83116bd888e3e2633a61473fa2ed81b6", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/2bfd808a83116bd888e3e2633a61473fa2ed81b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44110", "reference_id": "CVE-2026-44110", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44110" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/f8705f512b09043df02b5da372c33374734bd921", "reference_id": "f8705f512b09043df02b5da372c33374734bd921", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/f8705f512b09043df02b5da372c33374734bd921" }, { "reference_url": "https://github.com/advisories/GHSA-2gvc-4f3c-2855", "reference_id": "GHSA-2gvc-4f3c-2855", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2gvc-4f3c-2855" }, { "reference_url": 
"https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855", "reference_id": "GHSA-2gvc-4f3c-2855", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store", "reference_id": "openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api", "purl": "pkg:npm/openclaw@2026.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { 
"vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15" } ], "aliases": [ "CVE-2026-44110", "GHSA-2gvc-4f3c-2855" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxmf-d7w1-xfcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89344?format=api", "vulnerability_id": "VCID-nkh4-j2pe-1qhr", "summary": "OpenClaw: QQBot direct media upload skipped URL SSRF validation\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe QQBot direct-upload media path could forward attacker-controlled image URLs without applying the SSRF validation used by the local download path. This could make configured QQBot media delivery request or relay URLs the operator did not intend to allow.\n\nThe affected path is limited to QQBot outbound media handling and does not expose arbitrary local files. 
Severity is low.\n\n## Fix\n\nOpenClaw now validates QQBot direct-upload media URLs before `uploadC2CMedia` and `uploadGroupMedia` direct-upload calls.\n\nFix commit:\n\n- `49db424c8001f2f419aad85f434894d8d85c1a09`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12782", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12786", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14064", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44117" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/" } ], "url": 
"https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44117", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44117" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload" }, { "reference_url": "https://github.com/advisories/GHSA-c4qg-j8jg-42q5", "reference_id": "GHSA-c4qg-j8jg-42q5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4qg-j8jg-42q5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "CVE-2026-44117", "GHSA-c4qg-j8jg-42q5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkh4-j2pe-1qhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89625?format=api", "vulnerability_id": "VCID-p8xd-2um4-9ufr", "summary": "OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes 
for identity-bearing HTTP auth paths. A trusted-proxy caller without `operator.read` could access assistant-media files and metadata that were otherwise inside allowed media roots.\n\nThe route still required successful gateway authentication and media-root checks. Severity is low.\n\n## Fix\n\nAssistant-media file and metadata requests now require `operator.read` on identity-bearing HTTP auth paths.\n\nFix commit:\n\n- `99ef3a63c58440d53f8e45ad861b846032fcb036`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11147", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11181", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11188", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41908" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41908", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41908" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route" }, { "reference_url": "https://github.com/advisories/GHSA-v8qf-fr4g-28p2", "reference_id": "GHSA-v8qf-fr4g-28p2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8qf-fr4g-28p2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "CVE-2026-41908", "GHSA-v8qf-fr4g-28p2" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8xd-2um4-9ufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89604?format=api", "vulnerability_id": "VCID-rr6t-1193-ybgz", "summary": "OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config\n## Affected 
Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nWorkspace MCP stdio configuration could pass dangerous process-startup environment variables such as `NODE_OPTIONS`, `LD_PRELOAD`, or `BASH_ENV` to the spawned MCP server process. In a malicious workspace, this could make the MCP child load attacker-controlled code when the operator starts a session that uses that MCP server.\n\nThe impact is limited to local/workspace trust boundaries and requires the operator to run OpenClaw in a workspace containing the malicious MCP configuration. Severity is therefore medium, not high/critical.\n\n## Fix\n\nOpenClaw now filters MCP stdio environment entries through the host environment safety denylist before spawning stdio MCP servers.\n\nFix commits:\n\n- `62fa5071896e95edc7f67d1cebc70a2859e283af`\n- `85d86ebc4bf3d2226d39d132a484f4f7a299fa1b`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01944", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01954", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01946", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44995" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": 
"https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", 
"scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44995", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44995" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables" }, { "reference_url": 
"https://github.com/advisories/GHSA-mj59-h3q9-ghfh", "reference_id": "GHSA-mj59-h3q9-ghfh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mj59-h3q9-ghfh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "CVE-2026-44995", "GHSA-mj59-h3q9-ghfh" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr6t-1193-ybgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91952?format=api", "vulnerability_id": "VCID-ry1r-br3q-2uaw", "summary": "OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens\n## Summary\nMCP loopback owner context is derived from server-issued bearer tokens.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nThe loopback MCP path accepted spoofable owner-context metadata from request headers, which could allow a non-owner loopback client to present itself as owner for owner-gated operations.\n\n## Fix\nThe MCP loopback runtime now issues separate owner and 
non-owner bearer tokens and derives senderIsOwner exclusively from which token authenticated the request. The spoofable sender-owner header is no longer emitted or trusted.\n\n## Fix Commit(s)\n- 3cb1a56bfc9579a0f2336f9cfa12a8a744332a19\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01838", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02646", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44118" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44118", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44118" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header" }, { "reference_url": "https://github.com/advisories/GHSA-r6xh-pqhr-v4xh", "reference_id": "GHSA-r6xh-pqhr-v4xh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6xh-pqhr-v4xh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44118", "GHSA-r6xh-pqhr-v4xh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ry1r-br3q-2uaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92085?format=api", "vulnerability_id": "VCID-t2ve-xemk-mqa9", "summary": "OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root\n## Summary\nOpenShell FS bridge writes stay pinned to the sandbox mount root \n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap redirect a write outside the intended local mount root.\n\n## Fix\nOpenShell write paths now validate the 
canonical target against the mount root, reject unsafe symlink parents and symlink leaves for writes, and use root-scoped write helpers before syncing to the remote sandbox.\n\n## Fix Commit(s)\n- 7be82d4fd1193bcb7e44ee38838f00bf924ffa76\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09643", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11223", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44112" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H" }, 
{ "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44112", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44112" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes" }, { "reference_url": "https://github.com/advisories/GHSA-wppj-c6mr-83jj", "reference_id": "GHSA-wppj-c6mr-83jj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wppj-c6mr-83jj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44112", "GHSA-wppj-c6mr-83jj" ], 
"risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ve-xemk-mqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89045?format=api", "vulnerability_id": "VCID-t2yy-9ume-t7be", "summary": "OpenClaw: Collect-mode queue batches could reuse the last sender authorization context\n## Summary\n\nCollect-mode queue batches could reuse the last sender authorization context.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nCollect-mode queued messages from different senders could be drained as one batch using the final sender's authorization context, allowing earlier messages to inherit a more privileged context.\n\n## Technical Details\n\nThe fix splits collect-mode batches by sender authorization context before dispatch, preserving each message's own trust state.\n\n## Fix\n\nThe issue was fixed in #66024. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `43d4be902755c970b3d15608679761877718da69`\n- PR: #66024\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. 
The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07719", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08979", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08998", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43535" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/43d4be902755c970b3d15608679761877718da69", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/43d4be902755c970b3d15608679761877718da69" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66024", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66024" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43535", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43535" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-context-reuse-in-collect-mode-queue-batches", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "7.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-authorization-context-reuse-in-collect-mode-queue-batches" }, { "reference_url": "https://github.com/advisories/GHSA-jwrq-8g5x-5fhm", "reference_id": "GHSA-jwrq-8g5x-5fhm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwrq-8g5x-5fhm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api", "purl": "pkg:npm/openclaw@2026.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29a1-7ar7-67e1" }, { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a46u-tnbh-fyhs" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gk95-28x9-17dk" }, { "vulnerability": 
"VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-h9a4-1twb-d7d1" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-kxmf-d7w1-xfcv" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-xsct-xjs7-nbab" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14" } ], "aliases": [ "CVE-2026-43535", "GHSA-jwrq-8g5x-5fhm" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2yy-9ume-t7be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89518?format=api", "vulnerability_id": "VCID-vz7k-r7c4-ebfg", "summary": "OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBrowser profile creation normalized `cdpUrl` values before persisting them, but did not apply the configured browser SSRF policy at creation time. 
In deployments that explicitly disabled private-network CDP targets, a stored profile could still point at a private-network or metadata endpoint and later be probed by normal profile status flows.\n\nDefault trusted-operator browser behavior allows private-network CDP endpoints, so this only affected strict-mode deployments. Severity is low.\n\n## Fix\n\nOpenClaw now checks CDP endpoints against the browser SSRF policy during profile creation and reachability operations.\n\nFix commits:\n\n- `1fd049e3074cac72f6734a7fe88468c84f5f8bd7`\n- `e90c89cf8b1459f2aa1f3a665be67392b6c03fdf`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/1fd049e3074cac72f6734a7fe88468c84f5f8bd7", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/1fd049e3074cac72f6734a7fe88468c84f5f8bd7" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/e90c89cf8b1459f2aa1f3a665be67392b6c03fdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/e90c89cf8b1459f2aa1f3a665be67392b6c03fdf" }, { 
"reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm" }, { "reference_url": "https://github.com/advisories/GHSA-j4c5-89f5-f3pm", "reference_id": "GHSA-j4c5-89f5-f3pm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4c5-89f5-f3pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "GHSA-j4c5-89f5-f3pm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz7k-r7c4-ebfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89278?format=api", "vulnerability_id": "VCID-w2yd-uw91-9yck", "summary": "OpenClaw: Workspace dotenv 
MiniMax host override could redirect credentialed requests\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `>= 2026.4.5, < 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nA malicious workspace `.env` could set `MINIMAX_API_HOST` and redirect credentialed MiniMax requests to an attacker-controlled origin, exposing the MiniMax API key in the outbound `Authorization` header.\n\nThis requires running OpenClaw from an attacker-controlled workspace. Severity is medium.\n\n## Fix\n\nOpenClaw now blocks `MINIMAX_API_HOST` from workspace dotenv injection and removes env-driven URL routing from the affected MiniMax request path.\n\nFix commit:\n\n- `2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01308", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01307", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01303", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44992" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h2vw-ph2c-jvwf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h2vw-ph2c-jvwf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44992", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44992" }, { "reference_url": 
"https://www.vulncheck.com/advisories/openclaw-minimax-api-host-override-via-workspace-dotenv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-minimax-api-host-override-via-workspace-dotenv" }, { "reference_url": "https://github.com/advisories/GHSA-h2vw-ph2c-jvwf", "reference_id": "GHSA-h2vw-ph2c-jvwf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h2vw-ph2c-jvwf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "CVE-2026-44992", 
"GHSA-h2vw-ph2c-jvwf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2yd-uw91-9yck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95118?format=api", "vulnerability_id": "VCID-xj73-kszs-yygp", "summary": "OpenClaw's ACP child sessions inherit subagent security envelope constraints\n## Summary\nACP child sessions inherit subagent security envelope constraints.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA restricted subagent spawning an ACP child session could fail to carry forward subagent-only constraints such as depth, child-count limits, control scope, or target-agent restrictions.\n\n## Fix\nACP spawn now resolves and persists child subagent envelope fields, enforces maximum depth and active-child caps, and applies the inherited control scope to child ACP sessions.\n\n## Fix Commit(s)\n- 31160dc069b7cc5d833b39c53736a41ad3befda2\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft, @qclawer, and @KeenSecurityLab for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08403", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08423", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44997" }, { "reference_url": 
"https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions" }, { "reference_url": "https://github.com/advisories/GHSA-q3jj-46pq-826r", "reference_id": "GHSA-q3jj-46pq-826r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3jj-46pq-826r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44997", "GHSA-q3jj-46pq-826r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj73-kszs-yygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90078?format=api", "vulnerability_id": "VCID-xsct-xjs7-nbab", "summary": "OpenClaw: Feishu webhook and card-action validation now fail closed\n## Summary\n\nFeishu webhook mode accepted missing `encryptKey` configuration as valid and blank card-action callback tokens as usable lifecycle tokens. Together, those fail-open paths could allow unauthenticated webhook or card-action traffic to reach command dispatch in affected deployments.\n\n## Impact\n\nA deployment using Feishu webhook mode without a configured `encryptKey`, or handling malformed card-action callbacks with blank callback tokens, could fail open instead of rejecting the request. Severity remains critical because affected webhook deployments expose a network-triggered path into OpenClaw command handling without the expected Feishu signature or replay protection.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` makes Feishu webhook and card-action validation fail closed. 
Webhook mode now refuses to start without an `encryptKey`, missing signing configuration returns invalid instead of valid, invalid signatures return `401`, and blank card-action callback tokens are rejected before dispatch.\n\nVerified in `v2026.4.15`:\n\n- `extensions/feishu/src/monitor.transport.ts` returns invalid when `encryptKey` is missing, refuses webhook mode without `encryptKey`, and rejects invalid signatures before JSON handling.\n- `extensions/feishu/src/card-action.ts` rejects blank callback tokens in the card-action lifecycle guard.\n- `extensions/feishu/src/monitor.webhook-security.test.ts` covers missing-`encryptKey` startup and transport rejection.\n- `extensions/feishu/src/monitor.card-action.lifecycle.test.ts` covers malformed blank-token card actions being dropped before handler dispatch.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `c8003f1b33ed2924be5f62131bd28742c5a41aae` via PR #66707\n\nThanks to @dhyabi2 for reporting this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.3993", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39934", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42032", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44109" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/66707", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/pull/66707" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44109", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44109" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation" }, { "reference_url": "https://github.com/advisories/GHSA-xh72-v6v9-mwhc", "reference_id": "GHSA-xh72-v6v9-mwhc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xh72-v6v9-mwhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api", "purl": "pkg:npm/openclaw@2026.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2c8p-gbaw-3ye4" }, { 
"vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-7akj-469t-57hz" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-gkyv-ahk7-1ud3" }, { "vulnerability": "VCID-hz33-9efv-c7ef" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-k8s8-zjv4-gqdb" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-nkh4-j2pe-1qhr" }, { "vulnerability": "VCID-p8xd-2um4-9ufr" }, { "vulnerability": "VCID-rr6t-1193-ybgz" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-vz7k-r7c4-ebfg" }, { "vulnerability": "VCID-w2yd-uw91-9yck" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-y65g-4baa-a7c2" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-yhpq-5qy3-y7bn" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15" } ], "aliases": [ "CVE-2026-44109", "GHSA-xh72-v6v9-mwhc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsct-xjs7-nbab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89941?format=api", "vulnerability_id": "VCID-y65g-4baa-a7c2", "summary": "OpenClaw: Hook mapping templates could bypass hook session-key opt-in\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nTemplated hook mapping `sessionKey` values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when `hooks.allowRequestSessionKey` was disabled, bypassing the intended routing opt-in for hook callers.\n\nThis affects webhook routing isolation. 
It does not grant host execution by itself. Severity is medium.\n\n## Fix\n\nTemplate-rendered mapping session keys are now treated as externally supplied routing input and require `hooks.allowRequestSessionKey=true` plus the existing prefix policy checks.\n\nFix commit:\n\n- `5275d008ed33203dba3f98e969ad683a65c416c3`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10694", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10682", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10719", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45002" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45002" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "6.9", "scoring_system": 
"cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping" }, { "reference_url": "https://github.com/advisories/GHSA-2xcp-x87w-q377", "reference_id": "GHSA-2xcp-x87w-q377", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xcp-x87w-q377" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "CVE-2026-45002", "GHSA-2xcp-x87w-q377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y65g-4baa-a7c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95220?format=api", "vulnerability_id": "VCID-ye4t-n6r3-67ab", "summary": "OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes\n## Summary\n\nThe agent-facing 
`gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations.\n\n## Impact\n\nA prompt-injected or otherwise compromised model running with access to the owner-only `gateway` tool could persist unsafe config changes that crossed security boundaries. Examples included config paths affecting command execution, network/proxy/TLS behavior, credential forwarding, telemetry or hook endpoints, memory/indexing surfaces, and operator policy controls. These changes could survive restart once written to config.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw replaced the denylist with a fail-closed allowlist. Agent-driven `gateway config.apply` and `gateway config.patch` now permit only narrow agent-tunable prompt/model settings and mention-gating paths. Other config changes are rejected before the gateway mutation RPC is invoked.\n\n## Fix Commit(s)\n\n- `bceda6089aa7b3695cc7696b43c61ae3d01bb0ec` (`fix(gateway): fail closed on runtime config edits`)\n\n## Severity\n\nSeverity remains `high`. 
The vulnerable entry point is owner-only, but the model/agent is not a trusted principal under OpenClaw's security model, and the guard is the explicit model-to-operator boundary for persisted config mutation.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/bceda6089aa7b3695cc7696b43c61ae3d01bb0ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/bceda6089aa7b3695cc7696b43c61ae3d01bb0ec" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr" }, { "reference_url": "https://github.com/advisories/GHSA-cwj3-vqpp-pmxr", "reference_id": "GHSA-cwj3-vqpp-pmxr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwj3-vqpp-pmxr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api", "purl": "pkg:npm/openclaw@2026.4.23", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23" } ], "aliases": [ "GHSA-cwj3-vqpp-pmxr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye4t-n6r3-67ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89627?format=api", "vulnerability_id": "VCID-yhpq-5qy3-y7bn", "summary": "OpenClaw: Workspace dotenv could override runtime-control environment variables\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nWorkspace `.env` loading did not reserve the `OPENCLAW_` runtime-control namespace broadly enough. A malicious workspace could set variables such as `OPENCLAW_GIT_DIR` before source-update or installer flows, potentially steering trusted OpenClaw runtime behavior.\n\nThis requires running OpenClaw from an attacker-controlled workspace. 
Severity is medium.\n\n## Fix\n\nOpenClaw now reserves the workspace `OPENCLAW_` environment namespace and rejects workspace dotenv entries for OpenClaw runtime-control variables.\n\nFix commit:\n\n- `018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06532", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0653", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07178", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44114" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/" } ], 
"url": "https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44114", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44114" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv" }, { "reference_url": "https://github.com/advisories/GHSA-hxvm-xjvf-93f3", "reference_id": "GHSA-hxvm-xjvf-93f3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hxvm-xjvf-93f3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api", "purl": "pkg:npm/openclaw@2026.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-4u3z-rs45-gbhe" }, { "vulnerability": "VCID-a4jz-y9s4-zkfg" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-e25p-j5ed-yqfz" }, { "vulnerability": "VCID-jshg-1pb2-wbak" }, { "vulnerability": "VCID-kcy2-a98b-uyg7" }, { "vulnerability": "VCID-ry1r-br3q-2uaw" }, { "vulnerability": "VCID-t2ve-xemk-mqa9" }, { "vulnerability": "VCID-xj73-kszs-yygp" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" }, { "vulnerability": "VCID-ymmv-2qmq-6kap" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20" } ], "aliases": [ "CVE-2026-44114", "GHSA-hxvm-xjvf-93f3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhpq-5qy3-y7bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92141?format=api", "vulnerability_id": "VCID-ymmv-2qmq-6kap", "summary": "OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes\n## Summary\nOpenShell FS bridge reads pin and verify the opened file before returning bytes \n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA time-of-check/time-of-use race 
around OpenShell sandbox filesystem reads could let a symlink swap cause bytes outside the intended mount root to be read.\n\n## Fix\nOpenShell reads now open the file with no-follow semantics where available, validate the pinned file descriptor against the canonical mount root, reject unsafe hardlink/symlink cases, and use a strict fallback ancestor walk on platforms without fd-path readback.\n\n## Fix Commit(s)\n- 95119017c847c737bd113f0bff728c4666d79c45\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09994", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09978", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11564", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44113" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44113", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44113" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge" }, { "reference_url": "https://github.com/advisories/GHSA-5h3g-6xhh-rg6p", "reference_id": "GHSA-5h3g-6xhh-rg6p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5h3g-6xhh-rg6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { 
"vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44113", "GHSA-5h3g-6xhh-rg6p" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymmv-2qmq-6kap" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.11" }