Look up vulnerable packages by Package URL.

GET /api/packages/74371?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
    "purl": "pkg:npm/openclaw@2026.2.22",
    "type": "npm",
    "namespace": "",
    "name": "openclaw",
    "version": "2026.2.22",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "2026.2.23",
    "latest_non_vulnerable_version": "2026.3.11",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50588?format=api",
            "vulnerability_id": "VCID-a7ay-d7ey-p3gz",
            "summary": "OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL\n`shell-env` fallback trusted prefix-based executable paths for `$SHELL`, allowing execution of attacker-controlled binaries in local/runtime-env influence scenarios.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22217",
                    "reference_id": "CVE-2026-22217",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22217"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p4wh-cr8m-gm6c",
                    "reference_id": "GHSA-p4wh-cr8m-gm6c",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-p4wh-cr8m-gm6c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p4wh-cr8m-gm6c",
                    "reference_id": "GHSA-p4wh-cr8m-gm6c",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p4wh-cr8m-gm6c"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.23",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23"
                }
            ],
            "aliases": [
                "CVE-2026-22217",
                "GHSA-p4wh-cr8m-gm6c"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7ay-d7ey-p3gz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50583?format=api",
            "vulnerability_id": "VCID-vnjc-aqhz-cudy",
            "summary": "OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch\nIn `openclaw` versions `2026.2.22` and `2026.2.23`, the optional `synology-chat` channel plugin had an authorization fail-open condition: when `dmPolicy` was `allowlist` and `allowedUserIds` was empty/unset, unauthorized senders were still allowed through to agent dispatch.\n\nThis is assessed as **medium** severity because it requires channel/plugin setup and Synology sender access, but can still trigger downstream agent/tool actions.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7655c0cb3a47d0647cbbf5284e177f90b4b82ddb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/7655c0cb3a47d0647cbbf5284e177f90b4b82ddb"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31998",
                    "reference_id": "CVE-2026-31998",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31998"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gw85-xp4q-5gp9",
                    "reference_id": "GHSA-gw85-xp4q-5gp9",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-gw85-xp4q-5gp9"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9",
                    "reference_id": "GHSA-gw85-xp4q-5gp9",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74374?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.24",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"
                }
            ],
            "aliases": [
                "CVE-2026-31998",
                "GHSA-gw85-xp4q-5gp9"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnjc-aqhz-cudy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50630?format=api",
            "vulnerability_id": "VCID-zkrk-yqcx-dkdb",
            "summary": "OpenClaw unpaired device identity can bypass operator pairing and self-assign operator scopes with shared auth\nA client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes (including `operator.admin`) before pairing approval, enabling privilege escalation.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8d1481cb4a9d31bd617e52dc8c392c35689d9dea",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/8d1481cb4a9d31bd617e52dc8c392c35689d9dea"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-553v-f69r-656j",
                    "reference_id": "GHSA-553v-f69r-656j",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-553v-f69r-656j"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j",
                    "reference_id": "GHSA-553v-f69r-656j",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.25",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25"
                }
            ],
            "aliases": [
                "GHSA-553v-f69r-656j"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkrk-yqcx-dkdb"
        }
    ],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50591?format=api",
            "vulnerability_id": "VCID-1eak-zp22-2bcp",
            "summary": "OpenClaw hook transform path containment missed symlink-resolved escapes\nWhen an attacker can cause a transform module path to reference a symlinked entry that resolves outside the trusted transform directory, the gateway may import and execute unintended JavaScript with gateway-process privileges.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f4dd0577b055f77af783105bd65eae32f3d5e6a1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/f4dd0577b055f77af783105bd65eae32f3d5e6a1"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-659f-22xc-98f2",
                    "reference_id": "GHSA-659f-22xc-98f2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-659f-22xc-98f2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-659f-22xc-98f2",
                    "reference_id": "GHSA-659f-22xc-98f2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-659f-22xc-98f2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-659f-22xc-98f2"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1eak-zp22-2bcp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50677?format=api",
            "vulnerability_id": "VCID-227a-7tmm-qybp",
            "summary": "OpenClaw: BlueBubbles (optional plugin) pairing/allowlist mismatch when allowFrom is empty\nBlueBubbles is an optional OpenClaw channel plugin. A configuration-sensitive access-control mismatch allowed DM senders to be treated as authorized when `dmPolicy` was `pairing` or `allowlist` and `allowFrom` was empty/unset.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2ba6de7eaad812e5e8603018e14e54e96bdd57dd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/2ba6de7eaad812e5e8603018e14e54e96bdd57dd"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4540790cb62412676f7b61cfc6e47443f84a251e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/4540790cb62412676f7b61cfc6e47443f84a251e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/51c0893673de8e5cea64e64351dbfa4680ba0dec",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/51c0893673de8e5cea64e64351dbfa4680ba0dec"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/9632b9bcf032c5f2280c3103961fde912ab1f920",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/9632b9bcf032c5f2280c3103961fde912ab1f920"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22170",
                    "reference_id": "CVE-2026-22170",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22170"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jwf4-8wf4-jf2m",
                    "reference_id": "GHSA-jwf4-8wf4-jf2m",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-jwf4-8wf4-jf2m"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwf4-8wf4-jf2m",
                    "reference_id": "GHSA-jwf4-8wf4-jf2m",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwf4-8wf4-jf2m"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-22170",
                "GHSA-jwf4-8wf4-jf2m"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-227a-7tmm-qybp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50520?format=api",
            "vulnerability_id": "VCID-2hsr-agnj-tkga",
            "summary": "OpenClaw's Control UI Static File Handler Follows Symlinks and Allows Out-of-Root File Read\nThe Control UI static file handler previously validated asset paths lexically and then served files with APIs that follow symbolic links. A symlink placed under the Control UI root could cause out-of-root file reads.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7c500ff6236fa087ec1ec88696ca9f6881e90dc5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/7c500ff6236fa087ec1ec88696ca9f6881e90dc5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32020",
                    "reference_id": "CVE-2026-32020",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32020"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5ghc-98wh-gwwf",
                    "reference_id": "GHSA-5ghc-98wh-gwwf",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-5ghc-98wh-gwwf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5ghc-98wh-gwwf",
                    "reference_id": "GHSA-5ghc-98wh-gwwf",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5ghc-98wh-gwwf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32020",
                "GHSA-5ghc-98wh-gwwf"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hsr-agnj-tkga"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50514?format=api",
            "vulnerability_id": "VCID-3r2t-95n3-fycd",
            "summary": "OpenClaw's allow-always wrapper persistence could bypass future approvals and enable command execution\nIn `openclaw` npm releases up to and including `2026.2.21-2`, approving wrapped `system.run` commands with `allow-always` in `security=allowlist` mode could persist wrapper-level allowlist entries and enable later approval-bypass execution of different inner payloads.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/24c954d972400f508814532dea0e4dcb38418bb0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/24c954d972400f508814532dea0e4dcb38418bb0"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-allow-always-wrapper-persistence",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-allow-always-wrapper-persistence"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29607",
                    "reference_id": "CVE-2026-29607",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29607"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6j27-pc5c-m8w8",
                    "reference_id": "GHSA-6j27-pc5c-m8w8",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-6j27-pc5c-m8w8"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8",
                    "reference_id": "GHSA-6j27-pc5c-m8w8",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6j27-pc5c-m8w8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-29607",
                "GHSA-6j27-pc5c-m8w8"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3r2t-95n3-fycd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50619?format=api",
            "vulnerability_id": "VCID-49gc-nc5z-nfgn",
            "summary": "OpenClaw Loopback CDP probe can leak Gateway token to local listener\nA local process can capture the OpenClaw Gateway auth token from Chrome CDP probe traffic on loopback.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/afa22acc4a09fdf32be8a167ae216bee85c30dad",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/afa22acc4a09fdf32be8a167ae216bee85c30dad"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22174",
                    "reference_id": "CVE-2026-22174",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22174"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v3j7-34xh-6g3w",
                    "reference_id": "GHSA-v3j7-34xh-6g3w",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-v3j7-34xh-6g3w"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v3j7-34xh-6g3w",
                    "reference_id": "GHSA-v3j7-34xh-6g3w",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v3j7-34xh-6g3w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-22174",
                "GHSA-v3j7-34xh-6g3w"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49gc-nc5z-nfgn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50528?format=api",
            "vulnerability_id": "VCID-4f7j-xmmz-w7dy",
            "summary": "OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)\n`system.run` allowed `SHELLOPTS` + `PS4` environment injection to trigger command substitution during `bash -lc` xtrace expansion before the allowlisted command body executed.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e80c803fa887f9699ad87a9e906ab5c1ff85bd9a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/e80c803fa887f9699ad87a9e906ab5c1ff85bd9a"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shellopts-ps4-environment-injection-in-system-run",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shellopts-ps4-environment-injection-in-system-run"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32003",
                    "reference_id": "CVE-2026-32003",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32003"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2fgq-7j6h-9rm4",
                    "reference_id": "GHSA-2fgq-7j6h-9rm4",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-2fgq-7j6h-9rm4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2fgq-7j6h-9rm4",
                    "reference_id": "GHSA-2fgq-7j6h-9rm4",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2fgq-7j6h-9rm4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32003",
                "GHSA-2fgq-7j6h-9rm4"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f7j-xmmz-w7dy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50571?format=api",
            "vulnerability_id": "VCID-6e67-c15c-57cf",
            "summary": "OpenClaw's system.run allowlist bypass via shell line-continuation command substitution\nIn OpenClaw `system.run` allowlist mode, shell-wrapper analysis could be bypassed by splitting a command substitution as `$\\\\` + newline + `(` inside double quotes. The analysis treated the payload as allowlisted (for example `/bin/echo`), while the shell runtime folded the line continuation into `$(...)` and executed non-allowlisted subcommands.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/3f0b9dbb36c86e308267924c0d3d4a4e1fc4d1e9"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-shell-line-continuation-command-substitution-in-system-run",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-shell-line-continuation-command-substitution-in-system-run"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28460",
                    "reference_id": "CVE-2026-28460",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28460"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9868-vxmx-w862",
                    "reference_id": "GHSA-9868-vxmx-w862",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9868-vxmx-w862"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862",
                    "reference_id": "GHSA-9868-vxmx-w862",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9868-vxmx-w862"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-28460",
                "GHSA-9868-vxmx-w862"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6e67-c15c-57cf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50497?format=api",
            "vulnerability_id": "VCID-7a37-77qg-7ybj",
            "summary": "OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels\nOpenClaw did not consistently enforce configured inbound media byte limits before buffering remote media in several channel ingestion paths. A remote sender could trigger oversized downloads and memory pressure before rejection.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-inbound-media-download-byte-limit-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-inbound-media-download-byte-limit-bypass"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32049",
                    "reference_id": "CVE-2026-32049",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32049"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rxxp-482v-7mrh",
                    "reference_id": "GHSA-rxxp-482v-7mrh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-rxxp-482v-7mrh"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh",
                    "reference_id": "GHSA-rxxp-482v-7mrh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rxxp-482v-7mrh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32049",
                "GHSA-rxxp-482v-7mrh"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7a37-77qg-7ybj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50548?format=api",
            "vulnerability_id": "VCID-7d79-tjdy-ffgm",
            "summary": "OpenClaw's typed sender-key matching for toolsBySender prevents identity-collision policy bypass\n`channels.*.groups.*.toolsBySender` could match a privileged sender policy using a colliding mutable identity value (for example `senderName` or `senderUsername`) when deployments used untyped keys.\n\nThe fix introduces explicit typed sender keys (`id:`, `e164:`, `username:`, `name:`), keeps legacy untyped keys on a deprecated ID-only path, and adds regression coverage to prevent cross-identifier collisions.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5547a2275cb69413af3b62c795b93214fe913b57",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/5547a2275cb69413af3b62c795b93214fe913b57"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sender-authorization-bypass-via-identity-collision-in-toolsbysender",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sender-authorization-bypass-via-identity-collision-in-toolsbysender"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32039",
                    "reference_id": "CVE-2026-32039",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32039"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wpph-cjgr-7c39",
                    "reference_id": "GHSA-wpph-cjgr-7c39",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-wpph-cjgr-7c39"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wpph-cjgr-7c39",
                    "reference_id": "GHSA-wpph-cjgr-7c39",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wpph-cjgr-7c39"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32039",
                "GHSA-wpph-cjgr-7c39"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7d79-tjdy-ffgm"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50662?format=api",
            "vulnerability_id": "VCID-7pma-vwwr-ffb7",
            "summary": "OpenClaw has agent avatar symlink traversal in gateway session metadata\nA crafted local avatar path could follow a symlink outside the agent workspace and return arbitrary file contents as a base64 `data:` URL in gateway responses.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3d0337504349954237d09e4d957df5cb844d5e77",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/3d0337504349954237d09e4d957df5cb844d5e77"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9mph-4f7v-fmvh",
                    "reference_id": "GHSA-9mph-4f7v-fmvh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9mph-4f7v-fmvh"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9mph-4f7v-fmvh",
                    "reference_id": "GHSA-9mph-4f7v-fmvh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9mph-4f7v-fmvh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-9mph-4f7v-fmvh"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pma-vwwr-ffb7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50532?format=api",
            "vulnerability_id": "VCID-8gd6-xmy8-ska9",
            "summary": "OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)\n`system.run` environment sanitization allowed shell-startup env overrides (`HOME`, `ZDOTDIR`) that can execute attacker-controlled startup files before the allowlist-evaluated command body runs.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c2c7114ed39a547ab6276e1e933029b9530ee906",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/c2c7114ed39a547ab6276e1e933029b9530ee906"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shell-startup-environment-variable-injection-in-system-run",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shell-startup-environment-variable-injection-in-system-run"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32056",
                    "reference_id": "CVE-2026-32056",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32056"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xgf2-vxv2-rrmg",
                    "reference_id": "GHSA-xgf2-vxv2-rrmg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-xgf2-vxv2-rrmg"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xgf2-vxv2-rrmg",
                    "reference_id": "GHSA-xgf2-vxv2-rrmg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xgf2-vxv2-rrmg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32056",
                "GHSA-xgf2-vxv2-rrmg"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gd6-xmy8-ska9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50578?format=api",
            "vulnerability_id": "VCID-99k1-w3w2-wycx",
            "summary": "OpenClaw shell-env fallback trusted startup env and could execute attacker-influenced login-shell paths\nOpenClaw shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before loading env keys.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/9363c320d8ffe29290906752fab92621da02c3f7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/9363c320d8ffe29290906752fab92621da02c3f7"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5h2c-8v84-qpvr",
                    "reference_id": "GHSA-5h2c-8v84-qpvr",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-5h2c-8v84-qpvr"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2c-8v84-qpvr",
                    "reference_id": "GHSA-5h2c-8v84-qpvr",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2c-8v84-qpvr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-5h2c-8v84-qpvr"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99k1-w3w2-wycx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50544?format=api",
            "vulnerability_id": "VCID-9n8k-veaq-u7ed",
            "summary": "OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists\nIn OpenClaw MSTeams media download flows, redirect handling could bypass configured `mediaAllowHosts` checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b34097f62df9d1960cc22600269cd3f3284e2124",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/b34097f62df9d1960cc22600269cd3f3284e2124"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-redirect-chain-bypass-of-media-host-allowlist-in-msteams-attachment-handling",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-redirect-chain-bypass-of-media-host-allowlist-in-msteams-attachment-handling"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32037",
                    "reference_id": "CVE-2026-32037",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32037"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w76h-8m22-hpgh",
                    "reference_id": "GHSA-w76h-8m22-hpgh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-w76h-8m22-hpgh"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w76h-8m22-hpgh",
                    "reference_id": "GHSA-w76h-8m22-hpgh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w76h-8m22-hpgh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32037",
                "GHSA-w76h-8m22-hpgh"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9n8k-veaq-u7ed"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50569?format=api",
            "vulnerability_id": "VCID-a7w7-e8zr-q3gx",
            "summary": "OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains\n`system.run` exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap `env`/shell-dispatch wrappers.\n\nThis allowed wrapper-smuggled payloads (for example `env bash -lc ...`) to satisfy an allowlist entry for the wrapper while executing non-allowlisted commands.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2b63592be57782c8946e521bc81286933f0f99c7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/2b63592be57782c8946e521bc81286933f0f99c7"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-wrapper-binary-unwrapping-in-system-run",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-wrapper-binary-unwrapping-in-system-run"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27566",
                    "reference_id": "CVE-2026-27566",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27566"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jj82-76v6-933r",
                    "reference_id": "GHSA-jj82-76v6-933r",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-jj82-76v6-933r"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jj82-76v6-933r",
                    "reference_id": "GHSA-jj82-76v6-933r",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jj82-76v6-933r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-27566",
                "GHSA-jj82-76v6-933r"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7w7-e8zr-q3gx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50559?format=api",
            "vulnerability_id": "VCID-bhvb-v8vs-37bx",
            "summary": "OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints\nWhen `sort` is explicitly added to `tools.exec.safeBins` (non-default), the `--compress-program` option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/57fbbaebca4d34d17549accf6092ae26eb7b605c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/57fbbaebca4d34d17549accf6092ae26eb7b605c"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22169",
                    "reference_id": "CVE-2026-22169",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22169"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vmqr-rc7x-3446",
                    "reference_id": "GHSA-vmqr-rc7x-3446",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-vmqr-rc7x-3446"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vmqr-rc7x-3446",
                    "reference_id": "GHSA-vmqr-rc7x-3446",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vmqr-rc7x-3446"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-22169",
                "GHSA-vmqr-rc7x-3446"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhvb-v8vs-37bx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50467?format=api",
            "vulnerability_id": "VCID-d7s9-a4u2-4ffj",
            "summary": "OpenClaw voice-call media stream validated streams only after the WebSocket upgrade, which could allow unauthenticated pre-start sockets to increase resource pressure\n`@openclaw/voice-call` (and the bundled copy shipped in `openclaw`) accepted media-stream WebSocket upgrades before performing stream validation, so a connection was fully established before any check ran. In reachable (network-exposed) deployments, unauthenticated pre-start sockets could be held open and increase resource pressure, i.e. a resource-exhaustion / denial-of-service concern rather than a data-disclosure one.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f343794",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f343794"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32062",
                    "reference_id": "CVE-2026-32062",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32062"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mfg5-7q5g-f37j",
                    "reference_id": "GHSA-mfg5-7q5g-f37j",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-mfg5-7q5g-f37j"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mfg5-7q5g-f37j",
                    "reference_id": "GHSA-mfg5-7q5g-f37j",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mfg5-7q5g-f37j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32062",
                "GHSA-mfg5-7q5g-f37j"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7s9-a4u2-4ffj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50648?format=api",
            "vulnerability_id": "VCID-e5mk-v6gf-jqbn",
            "summary": "OpenClaw has hook auth rate limiter bypass via IPv4-mapped IPv6 client key variants\nThe plain IPv4 form and the IPv4-mapped IPv6 form (`::ffff:a.b.c.d`) of the same client address were tracked as distinct rate-limiter client keys rather than being normalized to one. An attacker could therefore split failed hook-auth attempts across both address forms and effectively double the brute-force budget from 20 to 40 attempts per 60-second window.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3284d2eb227e7b6536d543bcf5c3e320bc9d13c5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/3284d2eb227e7b6536d543bcf5c3e320bc9d13c5"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5847-rm3g-23mw",
                    "reference_id": "GHSA-5847-rm3g-23mw",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-5847-rm3g-23mw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5847-rm3g-23mw",
                    "reference_id": "GHSA-5847-rm3g-23mw",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5847-rm3g-23mw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-5847-rm3g-23mw"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5mk-v6gf-jqbn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50615?format=api",
            "vulnerability_id": "VCID-hjt8-3qu1-zba6",
            "summary": "OpenClaw reuses the gateway auth token in the owner ID prompt hashing fallback\n- Auth-secret dual-use across security domains (gateway auth and prompt metadata hashing).\n- Hash outputs are visible to third-party model providers in system prompts, so material derived from the auth secret leaves the operator's trust boundary.\n- No direct plaintext token disclosure.\n- Practical risk is highest when operators use weak (guessable) gateway tokens and leave the owner hash secret unset: the exposed hash outputs could then serve as an offline guessing target for the gateway token.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c99e7696e6893083b256f0a6c88fb060f3a76fb7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/c99e7696e6893083b256f0a6c88fb060f3a76fb7"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authentication-token-reuse-in-owner-id-prompt-hashing-fallback",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authentication-token-reuse-in-owner-id-prompt-hashing-fallback"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32897",
                    "reference_id": "CVE-2026-32897",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32897"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v6x2-2qvm-6gv8",
                    "reference_id": "GHSA-v6x2-2qvm-6gv8",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-v6x2-2qvm-6gv8"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6x2-2qvm-6gv8",
                    "reference_id": "GHSA-v6x2-2qvm-6gv8",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v6x2-2qvm-6gv8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32897",
                "GHSA-v6x2-2qvm-6gv8"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjt8-3qu1-zba6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50674?format=api",
            "vulnerability_id": "VCID-hq8e-4bbp-t7hn",
            "summary": "OpenClaw's elevated allowFrom accepted broader identity signals than the sender-scoped authorization intended\nIn certain elevated-mode configurations, `tools.elevated.allowFrom` accepted broader identity signals than intended, so an `allowFrom` entry could be satisfied by identity data other than the sender's scoped identity. The fix tightens matching to sender-scoped identity by default and makes matching on mutable (user-changeable) metadata an explicit opt-in rather than an implicit behaviour.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/6817c0ec7b4fa830123d4f5c340f075a4bd04ee2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/6817c0ec7b4fa830123d4f5c340f075a4bd04ee2"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f6h3-846h-2r8w",
                    "reference_id": "GHSA-f6h3-846h-2r8w",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-f6h3-846h-2r8w"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6h3-846h-2r8w",
                    "reference_id": "GHSA-f6h3-846h-2r8w",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6h3-846h-2r8w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-f6h3-846h-2r8w"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hq8e-4bbp-t7hn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50562?format=api",
            "vulnerability_id": "VCID-jqwp-vtjb-xber",
            "summary": "OpenClaw: Zip extraction symlink traversal could write outside destination\nA path confinement bypass in OpenClaw ZIP extraction allowed writes outside the intended destination when a pre-existing symlink was present under the extraction root.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4b226b74f5fd3b106a83a6347fd404172e2fd246",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/4b226b74f5fd3b106a83a6347fd404172e2fd246"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jxrq-8fm4-9p58",
                    "reference_id": "GHSA-jxrq-8fm4-9p58",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-jxrq-8fm4-9p58"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jxrq-8fm4-9p58",
                    "reference_id": "GHSA-jxrq-8fm4-9p58",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jxrq-8fm4-9p58"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-jxrq-8fm4-9p58"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqwp-vtjb-xber"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50531?format=api",
            "vulnerability_id": "VCID-js1a-8fgc-aue1",
            "summary": "OpenClaw has a Discord `allowFrom` slug-collision authorization bypass\nOpenClaw supports Discord allowlists using either user IDs or names/tags. Name/tag matching depends on slug normalization, so different user tags can collide to the same slug and unintentionally satisfy a name-based allowlist entry. Only name/tag entries go through this normalization; entries keyed on immutable Discord user IDs are the robust choice for an allowlist.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/747bb581b3f2264495e1fec5a0727d9f2ca1b6f1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/747bb581b3f2264495e1fec5a0727d9f2ca1b6f1"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f97c45c5b5e0698b6667bb5f6badc0cac7dabd12",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/f97c45c5b5e0698b6667bb5f6badc0cac7dabd12"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4cqv-h74h-93j4",
                    "reference_id": "GHSA-4cqv-h74h-93j4",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-4cqv-h74h-93j4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4cqv-h74h-93j4",
                    "reference_id": "GHSA-4cqv-h74h-93j4",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4cqv-h74h-93j4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-4cqv-h74h-93j4"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-js1a-8fgc-aue1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50530?format=api",
            "vulnerability_id": "VCID-jwrh-1nyn-9ucj",
            "summary": "In OpenClaw, manually adding sort to tools.exec.safeBins could bypass allowlist approval via --compress-program\nThis issue applies to a **non-default configuration** only.\nIf `sort` is manually added to `tools.exec.safeBins`, OpenClaw could treat `sort --compress-program=<prog>` as valid safe-bin usage.\nIn `security=allowlist` + `ask=on-miss`, this could satisfy allowlist checks and skip operator approval, while GNU `sort` may invoke an external program via `--compress-program`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/57fbbaebca4d34d17549accf6092ae26eb7b605c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/57fbbaebca4d34d17549accf6092ae26eb7b605c"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-sort-compress-program-parameter",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-sort-compress-program-parameter"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32010",
                    "reference_id": "CVE-2026-32010",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32010"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4gc7-qcvf-38wg",
                    "reference_id": "GHSA-4gc7-qcvf-38wg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-4gc7-qcvf-38wg"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4gc7-qcvf-38wg",
                    "reference_id": "GHSA-4gc7-qcvf-38wg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4gc7-qcvf-38wg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32010",
                "GHSA-4gc7-qcvf-38wg"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwrh-1nyn-9ucj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50539?format=api",
            "vulnerability_id": "VCID-kn1a-n8a5-gfcy",
            "summary": "OpenClaw has macOS `system.run` allowlist bypass via quoted command substitution\nIn OpenClaw's macOS node-host path, `system.run` allowlist parsing in `security=allowlist` mode failed to reject command substitution tokens when they appeared inside double-quoted shell text.\n\nBecause of that gap, payloads like `echo \"ok $(id)\"` could be treated as allowlist hits (first executable token `echo`) while still executing non-allowlisted subcommands through shell substitution.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/90a378ca3a9ecbf1634cd247f17a35f4612c6ca6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/90a378ca3a9ecbf1634cd247f17a35f4612c6ca6"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-command-substitution-in-system-run",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-command-substitution-in-system-run"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22179",
                    "reference_id": "CVE-2026-22179",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22179"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9p38-94jf-hgjj",
                    "reference_id": "GHSA-9p38-94jf-hgjj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-9p38-94jf-hgjj"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p38-94jf-hgjj",
                    "reference_id": "GHSA-9p38-94jf-hgjj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p38-94jf-hgjj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-22179",
                "GHSA-9p38-94jf-hgjj"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kn1a-n8a5-gfcy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50610?format=api",
            "vulnerability_id": "VCID-qnwc-shqt-37cx",
            "summary": "OpenClaw's avatar symlink traversal can expose out-of-workspace local files\nOpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3d0337504349954237d09e4d957df5cb844d5e77",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/3d0337504349954237d09e4d957df5cb844d5e77"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/6970c2c2db3ee069ef0fff0ade5cfbdd0134f9d2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/6970c2c2db3ee069ef0fff0ade5cfbdd0134f9d2"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-avatar-handling",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-avatar-handling"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32024",
                    "reference_id": "CVE-2026-32024",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32024"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rx3g-mvc3-qfjf",
                    "reference_id": "GHSA-rx3g-mvc3-qfjf",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-rx3g-mvc3-qfjf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rx3g-mvc3-qfjf",
                    "reference_id": "GHSA-rx3g-mvc3-qfjf",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rx3g-mvc3-qfjf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32024",
                "GHSA-rx3g-mvc3-qfjf"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qnwc-shqt-37cx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50622?format=api",
            "vulnerability_id": "VCID-qqcd-dqkd-tqah",
            "summary": "OpenClaw's Node role device-identity bypass allows unauthorized node.event injection\nA client authenticated with a shared gateway token could connect as `role=node` without device identity/pairing, then call `node.event` to trigger `agent.request` and `voice.transcript` flows.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ddcb2d79b17bf2a42c5037d8aeff1537a12b931e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/ddcb2d79b17bf2a42c5037d8aeff1537a12b931e"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-node-role-device-identity-bypass-via-websocket-authentication",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-node-role-device-identity-bypass-via-websocket-authentication"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32001",
                    "reference_id": "CVE-2026-32001",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32001"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rv2q-f2h5-6xmg",
                    "reference_id": "GHSA-rv2q-f2h5-6xmg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-rv2q-f2h5-6xmg"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rv2q-f2h5-6xmg",
                    "reference_id": "GHSA-rv2q-f2h5-6xmg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rv2q-f2h5-6xmg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32001",
                "GHSA-rv2q-f2h5-6xmg"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqcd-dqkd-tqah"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50645?format=api",
            "vulnerability_id": "VCID-rkxd-fv9s-bkha",
            "summary": "OpenClaw's tools.exec.safeBins generic fallback allowed interpreter-style inline payload execution in allowlist mode\nWhen `tools.exec.safeBins` contained a binary without an explicit safe-bin profile, OpenClaw used a permissive generic fallback profile. In allowlist mode, that could let interpreter-style binaries (for example `python3`, `node`, `ruby`) execute inline payloads via flags like `-c`.\n\nThis requires explicit operator configuration to add such binaries to `safeBins`, so impact is limited to non-default/misconfigured deployments.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/47c3f742b6c488be26dd7b9636dbbb8676089154",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/47c3f742b6c488be26dd7b9636dbbb8676089154"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8mf7-vv8w-hjr2",
                    "reference_id": "GHSA-8mf7-vv8w-hjr2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-8mf7-vv8w-hjr2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8mf7-vv8w-hjr2",
                    "reference_id": "GHSA-8mf7-vv8w-hjr2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8mf7-vv8w-hjr2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-8mf7-vv8w-hjr2"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkxd-fv9s-bkha"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50688?format=api",
            "vulnerability_id": "VCID-sk3k-djs3-1uh3",
            "summary": "OpenClaw has incomplete IPv4 special-use SSRF blocking in web fetch guard\n`isPrivateIpv4()` in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so `web_fetch` could allow targets that should be blocked by SSRF policy.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/333fbb86347998526dd514290adfd5f727caa6d9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/333fbb86347998526dd514290adfd5f727caa6d9"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/44dfbd23df453e51b71ef79a148c28c53e89168c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/44dfbd23df453e51b71ef79a148c28c53e89168c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/71bd15bb4294d3d1b54386064d69cd0f5f731bd8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/71bd15bb4294d3d1b54386064d69cd0f5f731bd8"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f14ebd743cfc73f667fae80af70043d0ab1f88bd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/f14ebd743cfc73f667fae80af70043d0ab1f88bd"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-incomplete-ipv4-special-use-range-blocking-in-ssrf-guard",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-incomplete-ipv4-special-use-range-blocking-in-ssrf-guard"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32019",
                    "reference_id": "CVE-2026-32019",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32019"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4rqq-w8v4-7p47",
                    "reference_id": "GHSA-4rqq-w8v4-7p47",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-4rqq-w8v4-7p47"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47",
                    "reference_id": "GHSA-4rqq-w8v4-7p47",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4rqq-w8v4-7p47"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32019",
                "GHSA-4rqq-w8v4-7p47"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sk3k-djs3-1uh3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50565?format=api",
            "vulnerability_id": "VCID-wc57-jut8-rfbe",
            "summary": "OpenClaw has a Feishu allowFrom authorization bypass via display-name collision\nFeishu allowlist authorization could be bypassed by display-name collision.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4ed87a667263ed2d422b9d5d5a5d326e099f92c7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/4ed87a667263ed2d422b9d5d5a5d326e099f92c7"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-display-name-collision-in-feishu-allowfrom",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-display-name-collision-in-feishu-allowfrom"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32021",
                    "reference_id": "CVE-2026-32021",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32021"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j4xf-96qf-rx69",
                    "reference_id": "GHSA-j4xf-96qf-rx69",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-j4xf-96qf-rx69"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4xf-96qf-rx69",
                    "reference_id": "GHSA-j4xf-96qf-rx69",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4xf-96qf-rx69"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32021",
                "GHSA-j4xf-96qf-rx69"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc57-jut8-rfbe"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50488?format=api",
            "vulnerability_id": "VCID-wx8k-vpum-4udp",
            "summary": "OpenClaw macOS companion app (beta): allowlist parsing mismatch for system.run shell chains\nIn the macOS companion app (**currently beta**), a parsing mismatch in exec approvals could let shell-chain payloads pass allowlist checks in `system.run` under specific settings.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5da03e622119fa012285cdb590fcf4264c965cb5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/5da03e622119fa012285cdb590fcf4264c965cb5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e371da38aab99521c4e076cd3d95fd775e00b784",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/e371da38aab99521c4e076cd3d95fd775e00b784"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-allowlist-parsing-mismatch-in-system-run-shell-chains",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-allowlist-parsing-mismatch-in-system-run-shell-chains"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31993",
                    "reference_id": "CVE-2026-31993",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31993"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5f9p-f3w2-fwch",
                    "reference_id": "GHSA-5f9p-f3w2-fwch",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-5f9p-f3w2-fwch"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5f9p-f3w2-fwch",
                    "reference_id": "GHSA-5f9p-f3w2-fwch",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5f9p-f3w2-fwch"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-31993",
                "GHSA-5f9p-f3w2-fwch"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wx8k-vpum-4udp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50533?format=api",
            "vulnerability_id": "VCID-x6sw-v8s4-2ueq",
            "summary": "OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment\nThe shell environment fallback path could invoke an attacker-controlled shell when `SHELL` was inherited from an untrusted host environment. In affected builds, shell-env loading used `$SHELL -l -c 'env -0'` without validating that `SHELL` points to a trusted executable.\n\nIn threat-model terms, this requires local environment compromise or untrusted startup environment injection first; it is not a remote pre-auth path. The hardening patch validates `SHELL` as an absolute normalized executable, prefers `/etc/shells`, applies trusted-prefix fallback checks, and falls back safely to `/bin/sh` when validation fails. The dangerous env-var policy now also blocks `SHELL` overrides.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/25e89cc86338ef475d26be043aa541dfdb95e52a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/25e89cc86338ef475d26be043aa541dfdb95e52a"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-shell-execution-via-unvalidated-shell-environment-variable",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-shell-execution-via-unvalidated-shell-environment-variable"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32032",
                    "reference_id": "CVE-2026-32032",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32032"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f8mp-vj46-cq8v",
                    "reference_id": "GHSA-f8mp-vj46-cq8v",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-f8mp-vj46-cq8v"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f8mp-vj46-cq8v",
                    "reference_id": "GHSA-f8mp-vj46-cq8v",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f8mp-vj46-cq8v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32032",
                "GHSA-f8mp-vj46-cq8v"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6sw-v8s4-2ueq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50609?format=api",
            "vulnerability_id": "VCID-x81e-yjt1-kqfz",
            "summary": "OpenClaw: macOS optional allowlist basename matching could bypass path-based policy\nOn macOS node-host, optional exec-approval allowlist mode previously treated basename-only entries (for example `echo`) as trusted command matches.\nThis could allow a same-name local binary (for example `./echo`) to run without approval under `security=allowlist` + `ask=on-miss`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/dd41fadcaf58fd9deb963d6e163c56161e7b35dd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/dd41fadcaf58fd9deb963d6e163c56161e7b35dd"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-via-basename-only-allowlist-matching-on-macos",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-via-basename-only-allowlist-matching-on-macos"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32016",
                    "reference_id": "CVE-2026-32016",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32016"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7f4q-9rqh-x36p",
                    "reference_id": "GHSA-7f4q-9rqh-x36p",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-7f4q-9rqh-x36p"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7f4q-9rqh-x36p",
                    "reference_id": "GHSA-7f4q-9rqh-x36p",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7f4q-9rqh-x36p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "CVE-2026-32016",
                "GHSA-7f4q-9rqh-x36p"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x81e-yjt1-kqfz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50657?format=api",
            "vulnerability_id": "VCID-yd67-ypse-qkd6",
            "summary": "OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode\nIn `openclaw` allowlist mode, `tools.exec.safeBins` trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/64b273a71cf0b2f2419c974832cede1fc2158729",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/commit/64b273a71cf0b2f2419c974832cede1fc2158729"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qhrr-grqp-6x2g",
                    "reference_id": "GHSA-qhrr-grqp-6x2g",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-qhrr-grqp-6x2g"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qhrr-grqp-6x2g",
                    "reference_id": "GHSA-qhrr-grqp-6x2g",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qhrr-grqp-6x2g"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/74371?format=api",
                    "purl": "pkg:npm/openclaw@2026.2.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-a7ay-d7ey-p3gz"
                        },
                        {
                            "vulnerability": "VCID-vnjc-aqhz-cudy"
                        },
                        {
                            "vulnerability": "VCID-zkrk-yqcx-dkdb"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
                }
            ],
            "aliases": [
                "GHSA-qhrr-grqp-6x2g"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yd67-ypse-qkd6"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
}