Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/74336?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "type": "npm", "namespace": "", "name": "openclaw", "version": "2026.2.23", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2026.2.24", "latest_non_vulnerable_version": "2026.3.11", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50439?format=api", "vulnerability_id": "VCID-236n-3xbh-xba7", "summary": "OpenClaw is vulnerable to validation bypass through GNU long-option abbreviations in allowlist mode\nIn OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/3b8e33037ae2e12af7beb56fcf0346f1f8cbde6f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/3b8e33037ae2e12af7beb56fcf0346f1f8cbde6f" }, { "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.23" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28363", "reference_id": "CVE-2026-28363", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28363" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78", "reference_id": "GHSA-3c6h-g97w-fg78", "reference_type": "", "scores": [], "url": 
"https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78" }, { "reference_url": "https://github.com/advisories/GHSA-7977-c43c-xpwj", "reference_id": "GHSA-7977-c43c-xpwj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7977-c43c-xpwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-28363", "GHSA-7977-c43c-xpwj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-236n-3xbh-xba7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50598?format=api", "vulnerability_id": "VCID-4298-8wwm-5fez", "summary": "OpenClaw: Experimental apply_patch may bypass workspace-only checks in opt-in sandbox mounts (off by default)\nIn some opt-in sandbox configurations, the **experimental** `apply_patch` tool did not consistently apply workspace-only checks to mounted paths (for example `/agent/...`).", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/6634030be31e1a1842967df046c2f2e47490e6bf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/6634030be31e1a1842967df046c2f2e47490e6bf" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-in-apply-patch-tool-via-workspace-only-check-bypass", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-in-apply-patch-tool-via-workspace-only-check-bypass" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-32007", "reference_id": "CVE-2026-32007", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32007" }, { "reference_url": "https://github.com/advisories/GHSA-h9xm-j4qg-fvpg", "reference_id": "GHSA-h9xm-j4qg-fvpg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h9xm-j4qg-fvpg" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h9xm-j4qg-fvpg", "reference_id": "GHSA-h9xm-j4qg-fvpg", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h9xm-j4qg-fvpg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-32007", "GHSA-h9xm-j4qg-fvpg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4298-8wwm-5fez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50554?format=api", "vulnerability_id": "VCID-6g5n-5y59-aqhn", "summary": "OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse\nTwilio webhook replay events could bypass voice-call manager dedupe because normalized event IDs were randomized per parse. 
A replayed event could be treated as new and trigger duplicate or stale call-state transitions.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/1d28da55a5d0ff409e34999e0961157e9db0a2ab", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/1d28da55a5d0ff409e34999e0961157e9db0a2ab" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-twilio-webhook-replay-bypass-via-randomized-event-id-normalization", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-twilio-webhook-replay-bypass-via-randomized-event-id-normalization" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32053", "reference_id": "CVE-2026-32053", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32053" }, { "reference_url": "https://github.com/advisories/GHSA-vqx8-9xxw-f2m7", "reference_id": "GHSA-vqx8-9xxw-f2m7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vqx8-9xxw-f2m7" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqx8-9xxw-f2m7", "reference_id": "GHSA-vqx8-9xxw-f2m7", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqx8-9xxw-f2m7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-32053", "GHSA-vqx8-9xxw-f2m7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-6g5n-5y59-aqhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50588?format=api", "vulnerability_id": "VCID-a7ay-d7ey-p3gz", "summary": "OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL\n`shell-env` fallback trusted prefix-based executable paths for `$SHELL`, allowing execution of attacker-controlled binaries in local/runtime-env influence scenarios.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22217", "reference_id": "CVE-2026-22217", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22217" }, { "reference_url": "https://github.com/advisories/GHSA-p4wh-cr8m-gm6c", "reference_id": "GHSA-p4wh-cr8m-gm6c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p4wh-cr8m-gm6c" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p4wh-cr8m-gm6c", "reference_id": "GHSA-p4wh-cr8m-gm6c", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p4wh-cr8m-gm6c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-22217", "GHSA-p4wh-cr8m-gm6c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ay-d7ey-p3gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50441?format=api", "vulnerability_id": "VCID-aj68-v9vn-r7bh", "summary": "OpenClaw ACP client has 
permission auto-approval bypass via untrusted tool metadata\nThe OpenClaw ACP client could auto-approve tool calls based on untrusted metadata and permissive name heuristics. A malicious or compromised ACP tool invocation could bypass expected interactive approval prompts for read-class operations.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/12cc754332f9a7c92e158ce7644aa22df79c0904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/12cc754332f9a7c92e158ce7644aa22df79c0904" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/63dcd28ae0be2de1c75af09cc81841cebeec068f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/63dcd28ae0be2de1c75af09cc81841cebeec068f" }, { "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.23" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-acp-permission-auto-approval-bypass-via-untrusted-tool-metadata", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-acp-permission-auto-approval-bypass-via-untrusted-tool-metadata" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32898", "reference_id": "CVE-2026-32898", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32898" }, { "reference_url": "https://github.com/advisories/GHSA-7jx5-9fjg-hp4m", "reference_id": "GHSA-7jx5-9fjg-hp4m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7jx5-9fjg-hp4m" }, { "reference_url": 
"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jx5-9fjg-hp4m", "reference_id": "GHSA-7jx5-9fjg-hp4m", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jx5-9fjg-hp4m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-32898", "GHSA-7jx5-9fjg-hp4m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aj68-v9vn-r7bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50616?format=api", "vulnerability_id": "VCID-bh1b-65yw-rkfn", "summary": "OpenClaw has exec allowlist/safeBins policy-runtime mismatch via env -S wrapper interpretation\n`tools.exec` allowlist/safe-bins evaluation could diverge from runtime execution for wrapper commands using GNU `env -S/--split-string` semantics. 
This allowed policy checks to treat a command as a benign safe-bin invocation while runtime executed a different payload.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/a1c4bf07c6baad3ef87a0e710fe9aef127b1f606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/a1c4bf07c6baad3ef87a0e710fe9aef127b1f606" }, { "reference_url": "https://github.com/advisories/GHSA-796m-2973-wc5q", "reference_id": "GHSA-796m-2973-wc5q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-796m-2973-wc5q" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-796m-2973-wc5q", "reference_id": "GHSA-796m-2973-wc5q", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-796m-2973-wc5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "GHSA-796m-2973-wc5q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bh1b-65yw-rkfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50480?format=api", "vulnerability_id": "VCID-f8c1-shx2-kyg3", "summary": "OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)\nOpenClaw exec approvals could be bypassed in `allowlist` mode when `allow-always` was granted through unrecognized multiplexer shell wrappers (notably `busybox sh -c` and `toybox sh -c`).", "references": [ { "reference_url": 
"https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/a67689a7e3ad494b6637c76235a664322d526f9e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/a67689a7e3ad494b6637c76235a664322d526f9e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22175", "reference_id": "CVE-2026-22175", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22175" }, { "reference_url": "https://github.com/advisories/GHSA-gwqp-86q6-w47g", "reference_id": "GHSA-gwqp-86q6-w47g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gwqp-86q6-w47g" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gwqp-86q6-w47g", "reference_id": "GHSA-gwqp-86q6-w47g", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gwqp-86q6-w47g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-22175", "GHSA-gwqp-86q6-w47g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8c1-shx2-kyg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50535?format=api", "vulnerability_id": "VCID-f8pb-7mzk-pbhc", "summary": "OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From\n`commands.allowFrom` is documented as a sender authorization allowlist for commands/directives, but command authorization could include `ctx.From` (conversation identity) as a sender 
candidate.\n\nWhen `commands.allowFrom` contained conversation-like identifiers (for example Discord `channel:<id>` or WhatsApp group JIDs), command/directive authorization could be granted to participants in that conversation instead of only the intended sender identity.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/08e2aa44e78a9c946d97bea62304e6f533b8fa8e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/08e2aa44e78a9c946d97bea62304e6f533b8fa8e" }, { "reference_url": "https://github.com/advisories/GHSA-2ch6-x3g4-7759", "reference_id": "GHSA-2ch6-x3g4-7759", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2ch6-x3g4-7759" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2ch6-x3g4-7759", "reference_id": "GHSA-2ch6-x3g4-7759", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2ch6-x3g4-7759" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "GHSA-2ch6-x3g4-7759" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8pb-7mzk-pbhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50628?format=api", "vulnerability_id": "VCID-ntfj-t4vw-6uac", "summary": "OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation\nThe HTML session exporter (`src/auto-reply/reply/export-html/template.js`) interpolates 
`img.mimeType` directly into `<img src=\"data:...\">` attributes without validation or escaping. A crafted `mimeType` value (e.g., `x\" onerror=\"alert(1)`) can break out of the attribute context and execute arbitrary JavaScript.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/f3adf142c195000cbde31200626a1d8c8b716df9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/f3adf142c195000cbde31200626a1d8c8b716df9" }, { "reference_url": "https://github.com/openclaw/openclaw/pull/24140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/pull/24140" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-html-injection-via-unvalidated-image-mime-type-in-data-url-interpolation", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-html-injection-via-unvalidated-image-mime-type-in-data-url-interpolation" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32040", "reference_id": "CVE-2026-32040", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32040" }, { "reference_url": "https://github.com/advisories/GHSA-2ww6-868g-2c56", "reference_id": "GHSA-2ww6-868g-2c56", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2ww6-868g-2c56" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2ww6-868g-2c56", "reference_id": "GHSA-2ww6-868g-2c56", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2ww6-868g-2c56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-32040", "GHSA-2ww6-868g-2c56" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntfj-t4vw-6uac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50672?format=api", "vulnerability_id": "VCID-pmgv-7bsa-wbad", "summary": "OpenClaw's image tool bypasses tools.fs.workspaceOnly on sandbox mount paths and exfiltrates out-of-workspace images\nIn OpenClaw, the sandboxed `image` tool did not honor `tools.fs.workspaceOnly=true` for mounted paths resolved by the sandbox FS bridge. This allowed reading out-of-workspace mounted images (for example `/agent/*`) and forwarding those bytes to vision model providers.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/dd9d9c1c609dcb4579f9e57bd7b5c879d0146b53" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-image-tool-workspaceonly-bypass", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-image-tool-workspaceonly-bypass" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32002", "reference_id": "CVE-2026-32002", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32002" }, { "reference_url": "https://github.com/advisories/GHSA-q6qf-4p5j-r25g", "reference_id": "GHSA-q6qf-4p5j-r25g", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-q6qf-4p5j-r25g" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q6qf-4p5j-r25g", "reference_id": "GHSA-q6qf-4p5j-r25g", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q6qf-4p5j-r25g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-32002", "GHSA-q6qf-4p5j-r25g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmgv-7bsa-wbad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50650?format=api", "vulnerability_id": "VCID-psws-4czh-h3d1", "summary": "OpenClaw's tools.exec.safeBins sort long-option abbreviation bypass can skip exec approval in allowlist mode\nIn OpenClaw, `tools.exec.safeBins` validation for `sort` could be bypassed via GNU long-option abbreviations in allowlist mode, allowing approval-free execution paths that should require approval.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/3b8e33037ae2e12af7beb56fcf0346f1f8cbde6f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/3b8e33037ae2e12af7beb56fcf0346f1f8cbde6f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32059", "reference_id": "CVE-2026-32059", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32059" }, { "reference_url": "https://github.com/advisories/GHSA-3c6h-g97w-fg78", "reference_id": 
"GHSA-3c6h-g97w-fg78", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3c6h-g97w-fg78" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78", "reference_id": "GHSA-3c6h-g97w-fg78", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3c6h-g97w-fg78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-32059", "GHSA-3c6h-g97w-fg78" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psws-4czh-h3d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50600?format=api", "vulnerability_id": "VCID-qwqp-9ymd-syat", "summary": "OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt\nIn `openclaw` versions up to and including `2026.2.22-2`, a non-default exec-approval configuration could allow a skill-name collision to bypass an `ask=on-miss` prompt.\n\nWhen `autoAllowSkills=true`, a path-scoped executable such as `./skill-bin` could resolve to basename `skill-bin`, satisfy the `skills` allowlist segment, and run without prompting for approval.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/ffd63b7a2c4c6d5aeb4710ef951d5794ad7ad77b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/ffd63b7a2c4c6d5aeb4710ef951d5794ad7ad77b" }, { "reference_url": "https://github.com/advisories/GHSA-7ff8-xjh3-mgh6", 
"reference_id": "GHSA-7ff8-xjh3-mgh6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7ff8-xjh3-mgh6" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7ff8-xjh3-mgh6", "reference_id": "GHSA-7ff8-xjh3-mgh6", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7ff8-xjh3-mgh6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "GHSA-7ff8-xjh3-mgh6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwqp-9ymd-syat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50601?format=api", "vulnerability_id": "VCID-vvmq-u18b-ybdu", "summary": "OpenClaw has allowlist exec-guard bypass via env -S\nIn `allowlist` mode, `system.run` guardrails could be bypassed through `env -S`, causing policy-analysis/runtime-execution mismatch for shell wrapper payloads.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/3f923e831364d83d0f23499ee49961de334cf58b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/3f923e831364d83d0f23499ee49961de334cf58b" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/a1c4bf07c6baad3ef87a0e710fe9aef127b1f606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/a1c4bf07c6baad3ef87a0e710fe9aef127b1f606" }, { "reference_url": 
"https://www.vulncheck.com/advisories/openclaw-allowlist-exec-guard-bypass-via-env-s", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-allowlist-exec-guard-bypass-via-env-s" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31992", "reference_id": "CVE-2026-31992", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31992" }, { "reference_url": "https://github.com/advisories/GHSA-48wf-g7cp-gr3m", "reference_id": "GHSA-48wf-g7cp-gr3m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-48wf-g7cp-gr3m" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-48wf-g7cp-gr3m", "reference_id": "GHSA-48wf-g7cp-gr3m", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-48wf-g7cp-gr3m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "CVE-2026-31992", "GHSA-48wf-g7cp-gr3m" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vvmq-u18b-ybdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50658?format=api", "vulnerability_id": "VCID-ymxk-4rab-bbe2", "summary": "OpenClaw has stored XSS in exported session HTML viewer via markdown/raw-HTML rendering\nThe exported session HTML viewer allowed stored XSS when untrusted session content included raw HTML markdown tokens or unescaped metadata fields.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": 
"https://github.com/openclaw/openclaw/commit/f8524ec77a3999d573e6c6b8a5055bf35c49a2e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/f8524ec77a3999d573e6c6b8a5055bf35c49a2e6" }, { "reference_url": "https://github.com/advisories/GHSA-r294-2894-92j3", "reference_id": "GHSA-r294-2894-92j3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r294-2894-92j3" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r294-2894-92j3", "reference_id": "GHSA-r294-2894-92j3", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r294-2894-92j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "GHSA-r294-2894-92j3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymxk-4rab-bbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50475?format=api", "vulnerability_id": "VCID-zq1n-aqjc-9qdf", "summary": "OpenClaw: Node exec approvals could be replayed across nodes\n`exec.approval` requests for `host=node` were not explicitly bound to the target `nodeId`, so an approval intended for one node could be replayed for a different node under the same operator-controlled gateway fleet.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/4a3f8438e527ac371a67fe7ac68a287f0dbe6063", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://github.com/openclaw/openclaw/commit/4a3f8438e527ac371a67fe7ac68a287f0dbe6063" }, { "reference_url": "https://github.com/advisories/GHSA-6x2m-hqfw-hvpj", "reference_id": "GHSA-6x2m-hqfw-hvpj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6x2m-hqfw-hvpj" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6x2m-hqfw-hvpj", "reference_id": "GHSA-6x2m-hqfw-hvpj", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6x2m-hqfw-hvpj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:npm/openclaw@2026.2.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" } ], "aliases": [ "GHSA-6x2m-hqfw-hvpj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zq1n-aqjc-9qdf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23" }