Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1069255?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1069255?format=api", "purl": "pkg:npm/openclaw@2026.4.22-beta.1", "type": "npm", "namespace": "", "name": "openclaw", "version": "2026.4.22-beta.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2026.4.23", "latest_non_vulnerable_version": "2026.4.23", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95449?format=api", "vulnerability_id": "VCID-4316-7q9a-xuhx", "summary": "OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload\n## Summary\n\nOpenClaw webhooks allowed route secrets to be backed by `SecretRef` values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran `openclaw secrets reload`, the previous resolved webhook secret could remain valid until the plugin or gateway restarted.\n\n## Impact\n\nAn attacker who already had a previously valid webhook route secret could continue authenticating webhook requests after the operator rotated the secret and reloaded secrets. This weakened credential rotation for webhook routes and could allow continued invocation of the configured webhook task flow until restart.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nWebhook route authentication now resolves `SecretRef`-backed route secrets on each request. A rotated secret becomes effective after `openclaw secrets reload` without requiring a gateway or plugin restart, and the old secret is rejected.\n\n## Fix Commit(s)\n\n- `36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa` (`fix(webhooks): reload route secrets per request`)\n\n## Severity\n\nSeverity remains `medium`. The attack requires possession of a previously valid route secret, but the stale credential can continue to authorize webhook actions after rotation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17768", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17844", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17878", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17882", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45005" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45005" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L" }, { "value": "5.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation" }, { "reference_url": "https://github.com/advisories/GHSA-q8ff-7ffm-m3r9", "reference_id": "GHSA-q8ff-7ffm-m3r9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q8ff-7ffm-m3r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api", "purl": "pkg:npm/openclaw@2026.4.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23" } ], "aliases": [ "CVE-2026-45005", "GHSA-q8ff-7ffm-m3r9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4316-7q9a-xuhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92152?format=api", "vulnerability_id": "VCID-4u3z-rs45-gbhe", "summary": "OpenClaw: Workspace dotenv files cannot override connector endpoint hosts\n## Summary\nWorkspace dotenv files cannot override connector endpoint hosts.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or Synology-related connectors and redirect runtime traffic away from the operator-configured endpoint.\n\n## Fix\nWorkspace .env loading now blocks those endpoint variables, including per-account Matrix homeserver suffixes and generic base-url/API-host style overrides. Trusted global runtime dotenv loading remains separate.\n\n## Fix Commit(s)\n- 0623079e98abf7202591f1b04a89755eb7ec9272\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @qi-scape for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01337", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01335", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01342", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01341", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45003" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "4.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files" }, { "reference_url": "https://github.com/advisories/GHSA-55cf-xx38-4p9p", "reference_id": "GHSA-55cf-xx38-4p9p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-55cf-xx38-4p9p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-45003", "GHSA-55cf-xx38-4p9p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u3z-rs45-gbhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94834?format=api", "vulnerability_id": "VCID-dv5s-pvw1-a7fu", "summary": "OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution\n## Summary\n\nOpenClaw's bundled plugin setup resolver could fall back to `process.cwd()` while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing `extensions/<plugin>/setup-api.js`, OpenClaw could load and execute that JavaScript during ordinary provider/model status resolution.\n\n## Impact\n\nThis is arbitrary JavaScript execution in the OpenClaw process under the current user account. A malicious repository could run code when the user executed commands such as provider/model inspection from that directory. The issue does not require gateway network exposure, but it does require user interaction: the user must run OpenClaw from a directory containing the attacker-controlled setup file.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw now resolves bundled setup fallbacks only from the canonical package/repository root and no longer includes `process.cwd()` as a trusted setup-api search root. A regression test verifies that a workspace-local `extensions/<plugin>/setup-api.js` is not loaded through provider setup resolution.\n\n## Fix Commit(s)\n\n- `993781e6e6eaf50f033cfc3e3bf4f47059740707` (`fix(plugins): ignore cwd setup-api fallback`)\n\n## Severity\n\nSeverity remains `high` because successful exploitation allows arbitrary code execution under the user running OpenClaw. The CVSS vector is local/user-interaction scoped rather than network-only because the victim must run OpenClaw from an attacker-controlled directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0286", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.028", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02815", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02869", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45004" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45004" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory" }, { "reference_url": "https://github.com/advisories/GHSA-r39h-4c2p-3jxp", "reference_id": "GHSA-r39h-4c2p-3jxp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r39h-4c2p-3jxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api", "purl": "pkg:npm/openclaw@2026.4.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23" } ], "aliases": [ "CVE-2026-45004", "GHSA-r39h-4c2p-3jxp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dv5s-pvw1-a7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93521?format=api", "vulnerability_id": "VCID-e25p-j5ed-yqfz", "summary": "OpenClaw's Gateway Control UI bootstrap config required Gateway auth\n## Summary\nGateway Control UI bootstrap config required Gateway auth.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nWhen Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without a valid Gateway token. That response could expose sensitive bootstrap/config fields intended only for authenticated Control UI sessions.\n\n## Fix\nThe bootstrap config route now goes through the same Gateway read-auth path as other authenticated Control UI reads. Regression tests cover unauthenticated rejection, valid-token access, and basePath handling.\n\n## Fix Commit(s)\n- 2321d67263bc710e357644d59f746b08d891051b\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft for reporting.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/2321d67263bc710e357644d59f746b08d891051b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/2321d67263bc710e357644d59f746b08d891051b" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v" }, { "reference_url": "https://github.com/advisories/GHSA-93rg-2xm5-2p9v", "reference_id": "GHSA-93rg-2xm5-2p9v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-93rg-2xm5-2p9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "GHSA-93rg-2xm5-2p9v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e25p-j5ed-yqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93303?format=api", "vulnerability_id": "VCID-jshg-1pb2-wbak", "summary": "OpenClaw validates Zalo outbound photo URLs through the SSRF guard\n## Summary\nZalo outbound photo URLs are validated through the SSRF guard.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nThe Zalo plugin could forward an attacker-controlled outbound photo URL to the Zalo Bot API without first applying OpenClaw's SSRF validation policy.\n\n## Fix\nZalo sendPhoto now parses and validates outbound photo URLs with the shared SSRF hostname policy before posting to Zalo, and media-reply paths route through the guarded outbound media helpers.\n\n## Fix Commit(s)\n- a65eb1b864b7630c1242a82de9e5799b80583c3f\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @foodlook for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13839", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13842", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1519", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15107", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44116" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44116", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44116" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation" }, { "reference_url": "https://github.com/advisories/GHSA-2hh7-c75g-qj2r", "reference_id": "GHSA-2hh7-c75g-qj2r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2hh7-c75g-qj2r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44116", "GHSA-2hh7-c75g-qj2r" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jshg-1pb2-wbak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95751?format=api", "vulnerability_id": "VCID-kcy2-a98b-uyg7", "summary": "OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs\n## Summary\nExec allowlist analysis rejects shell expansion in unquoted heredocs\n\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nAn allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. That could make the approved command text look safer than what the shell would evaluate at runtime.\n\n## Fix\nThe exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.\n\n## Fix Commit(s)\n- b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx" }, { "reference_url": "https://github.com/advisories/GHSA-x3h8-jrgh-p8jx", "reference_id": "GHSA-x3h8-jrgh-p8jx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x3h8-jrgh-p8jx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "GHSA-x3h8-jrgh-p8jx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcy2-a98b-uyg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91952?format=api", "vulnerability_id": "VCID-ry1r-br3q-2uaw", "summary": "OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens\n## Summary\nMCP loopback owner context is derived from server-issued bearer tokens.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nThe loopback MCP path accepted spoofable owner-context metadata from request headers, which could allow a non-owner loopback client to present itself as owner for owner-gated operations.\n\n## Fix\nThe MCP loopback runtime now issues separate owner and non-owner bearer tokens and derives senderIsOwner exclusively from which token authenticated the request. The spoofable sender-owner header is no longer emitted or trusted.\n\n## Fix Commit(s)\n- 3cb1a56bfc9579a0f2336f9cfa12a8a744332a19\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01838", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01843", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02628", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02646", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44118" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44118", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44118" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header" }, { "reference_url": "https://github.com/advisories/GHSA-r6xh-pqhr-v4xh", "reference_id": "GHSA-r6xh-pqhr-v4xh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6xh-pqhr-v4xh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44118", "GHSA-r6xh-pqhr-v4xh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ry1r-br3q-2uaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92085?format=api", "vulnerability_id": "VCID-t2ve-xemk-mqa9", "summary": "OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root\n## Summary\nOpenShell FS bridge writes stay pinned to the sandbox mount root \n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap redirect a write outside the intended local mount root.\n\n## Fix\nOpenShell write paths now validate the canonical target against the mount root, reject unsafe symlink parents and symlink leaves for writes, and use root-scoped write helpers before syncing to the remote sandbox.\n\n## Fix Commit(s)\n- 7be82d4fd1193bcb7e44ee38838f00bf924ffa76\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09643", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11143", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11223", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44112" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44112", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44112" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes" }, { "reference_url": "https://github.com/advisories/GHSA-wppj-c6mr-83jj", "reference_id": "GHSA-wppj-c6mr-83jj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wppj-c6mr-83jj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44112", "GHSA-wppj-c6mr-83jj" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ve-xemk-mqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95118?format=api", "vulnerability_id": "VCID-xj73-kszs-yygp", "summary": "OpenClaw's ACP child sessions inherit subagent security envelope constraints\n## Summary\nACP child sessions inherit subagent security envelope constraints.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA restricted subagent spawning an ACP child session could fail to carry forward subagent-only constraints such as depth, child-count limits, control scope, or target-agent restrictions.\n\n## Fix\nACP spawn now resolves and persists child subagent envelope fields, enforces maximum depth and active-child caps, and applies the inherited control scope to child ACP sessions.\n\n## Fix Commit(s)\n- 31160dc069b7cc5d833b39c53736a41ad3befda2\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft, @qclawer, and @KeenSecurityLab for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08347", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08403", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08423", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44997" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions" }, { "reference_url": "https://github.com/advisories/GHSA-q3jj-46pq-826r", "reference_id": "GHSA-q3jj-46pq-826r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3jj-46pq-826r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44997", "GHSA-q3jj-46pq-826r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj73-kszs-yygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95220?format=api", "vulnerability_id": "VCID-ye4t-n6r3-67ab", "summary": "OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes\n## Summary\n\nThe agent-facing `gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations.\n\n## Impact\n\nA prompt-injected or otherwise compromised model running with access to the owner-only `gateway` tool could persist unsafe config changes that crossed security boundaries. Examples included config paths affecting command execution, network/proxy/TLS behavior, credential forwarding, telemetry or hook endpoints, memory/indexing surfaces, and operator policy controls. These changes could survive restart once written to config.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw replaced the denylist with a fail-closed allowlist. Agent-driven `gateway config.apply` and `gateway config.patch` now permit only narrow agent-tunable prompt/model settings and mention-gating paths. Other config changes are rejected before the gateway mutation RPC is invoked.\n\n## Fix Commit(s)\n\n- `bceda6089aa7b3695cc7696b43c61ae3d01bb0ec` (`fix(gateway): fail closed on runtime config edits`)\n\n## Severity\n\nSeverity remains `high`. The vulnerable entry point is owner-only, but the model/agent is not a trusted principal under OpenClaw's security model, and the guard is the explicit model-to-operator boundary for persisted config mutation.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/bceda6089aa7b3695cc7696b43c61ae3d01bb0ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/commit/bceda6089aa7b3695cc7696b43c61ae3d01bb0ec" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr" }, { "reference_url": "https://github.com/advisories/GHSA-cwj3-vqpp-pmxr", "reference_id": "GHSA-cwj3-vqpp-pmxr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cwj3-vqpp-pmxr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api", "purl": "pkg:npm/openclaw@2026.4.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23" } ], "aliases": [ "GHSA-cwj3-vqpp-pmxr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye4t-n6r3-67ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92141?format=api", "vulnerability_id": "VCID-ymmv-2qmq-6kap", "summary": "OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes\n## Summary\nOpenShell FS bridge reads pin and verify the opened file before returning bytes \n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA time-of-check/time-of-use race around OpenShell sandbox filesystem reads could let a symlink swap cause bytes outside the intended mount root to be read.\n\n## Fix\nOpenShell reads now open the file with no-follow semantics where available, validate the pinned file descriptor against the canonical mount root, reject unsafe hardlink/symlink cases, and use a strict fallback ancestor walk on platforms without fd-path readback.\n\n## Fix Commit(s)\n- 95119017c847c737bd113f0bff728c4666d79c45\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09978", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09994", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11564", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11483", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44113" }, { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/" } ], "url": "https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/" } ], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44113", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44113" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/" } ], "url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge" }, { "reference_url": "https://github.com/advisories/GHSA-5h3g-6xhh-rg6p", "reference_id": "GHSA-5h3g-6xhh-rg6p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5h3g-6xhh-rg6p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api", "purl": "pkg:npm/openclaw@2026.4.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4316-7q9a-xuhx" }, { "vulnerability": "VCID-dv5s-pvw1-a7fu" }, { "vulnerability": "VCID-ye4t-n6r3-67ab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22" } ], "aliases": [ "CVE-2026-44113", "GHSA-5h3g-6xhh-rg6p" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymmv-2qmq-6kap" } ], "fixing_vulnerabilities": [], "risk_score": "4.3", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22-beta.1" }