Package Instance
Look up a package by Package URL (purl) and list the vulnerabilities it is affected by and the ones this version fixes.
GET /api/packages/74377?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "type": "npm", "namespace": "", "name": "openclaw", "version": "2026.2.25", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2026.3.2", "latest_non_vulnerable_version": "2026.3.11", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50485?format=api", "vulnerability_id": "VCID-13gt-wg2j-j3cn", "summary": "OpenClaw has browser trace/download path symlink escape in temp output handling\nBrowser trace/download output path handling allowed symlink-root and symlink-parent escapes from the managed temp root.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-browser-trace-download-path-handling", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-browser-trace-download-path-handling" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32054", "reference_id": "CVE-2026-32054", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32054" }, { "reference_url": "https://github.com/advisories/GHSA-36h3-7c54-j27r", "reference_id": "GHSA-36h3-7c54-j27r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-36h3-7c54-j27r" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r", "reference_id": 
"GHSA-36h3-7c54-j27r", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-36h3-7c54-j27r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32054", "GHSA-36h3-7c54-j27r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-13gt-wg2j-j3cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50576?format=api", "vulnerability_id": "VCID-1m1e-ywyj-2qgz", "summary": "OpenClaw: Discord DM reaction ingress missed dmPolicy/allowFrom checks in restricted setups\nIn OpenClaw `<= 2026.2.24`, Discord direct-message reaction notifications did not consistently apply the same DM authorization checks (`dmPolicy` / `allowFrom`) that are enforced for normal DM message ingress.\n\nIn restrictive DM setups, a non-allowlisted Discord user who can react to a bot-authored DM message could still enqueue a reaction-derived system event in the session.\n\nThis is a reaction-only ingress inconsistency. 
By itself it does not directly execute commands; practical impact depends on downstream automation/tool policy.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-missing-authorization-check-in-discord-dm-reaction-ingress", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-missing-authorization-check-in-discord-dm-reaction-ingress" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32028", "reference_id": "CVE-2026-32028", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32028" }, { "reference_url": "https://github.com/advisories/GHSA-354r-7mfh-7rh2", "reference_id": "GHSA-354r-7mfh-7rh2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-354r-7mfh-7rh2" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-354r-7mfh-7rh2", "reference_id": "GHSA-354r-7mfh-7rh2", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-354r-7mfh-7rh2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32028", "GHSA-354r-7mfh-7rh2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-1m1e-ywyj-2qgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50573?format=api", "vulnerability_id": "VCID-3f9z-cez9-ykec", "summary": "OpenClaw's Nextcloud Talk webhook replay could trigger duplicate inbound processing\nWhen Nextcloud Talk webhook signing was valid, replayed requests could be accepted without durable replay suppression, allowing duplicate inbound processing after replay-window expiry or process restart.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/d512163d686ad6741783e7119ddb3437f493dbbc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/d512163d686ad6741783e7119ddb3437f493dbbc" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-attack-via-missing-durable-replay-suppression", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-attack-via-missing-durable-replay-suppression" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28449", "reference_id": "CVE-2026-28449", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28449" }, { "reference_url": "https://github.com/advisories/GHSA-r9q5-c7qc-p26w", "reference_id": "GHSA-r9q5-c7qc-p26w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r9q5-c7qc-p26w" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r9q5-c7qc-p26w", "reference_id": "GHSA-r9q5-c7qc-p26w", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r9q5-c7qc-p26w" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-28449", "GHSA-r9q5-c7qc-p26w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3f9z-cez9-ykec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50474?format=api", "vulnerability_id": "VCID-3yb8-85qk-17dm", "summary": "OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write\nThe gateway `agents.files.get` and `agents.files.set` methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file (for example `AGENTS.md`) could resolve outside the agent workspace and be read/written by the gateway process.\n\nThis could enable arbitrary host file read/write within the gateway process permissions, and chained impact up to code execution depending on which files are overwritten.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/125f4071bcbc0de32e769940d07967db47f09d3d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/125f4071bcbc0de32e769940d07967db47f09d3d" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-agents-files-methods", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-symlink-traversal-in-agents-files-methods" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32013", "reference_id": "CVE-2026-32013", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-32013" }, { "reference_url": "https://github.com/advisories/GHSA-fgvx-58p6-gjwc", "reference_id": "GHSA-fgvx-58p6-gjwc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fgvx-58p6-gjwc" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fgvx-58p6-gjwc", "reference_id": "GHSA-fgvx-58p6-gjwc", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fgvx-58p6-gjwc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32013", "GHSA-fgvx-58p6-gjwc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yb8-85qk-17dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50502?format=api", "vulnerability_id": "VCID-9rch-2vmz-ukgs", "summary": "OpenClaw: system.run approval identity mismatch could execute a different binary than displayed\n`system.run` approvals in OpenClaw used rendered command text as the approval identity while trimming argv token whitespace. Runtime execution still used raw argv. 
A crafted trailing-space executable token could therefore execute a different binary than what the approver saw.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/03e689fc89bbecbcd02876a95957ef1ad9caa176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/03e689fc89bbecbcd02876a95957ef1ad9caa176" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-approval-identity-mismatch-in-system-run-command-execution", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-approval-identity-mismatch-in-system-run-command-execution" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32065", "reference_id": "CVE-2026-32065", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32065" }, { "reference_url": "https://github.com/advisories/GHSA-hwpq-rrpf-pgcq", "reference_id": "GHSA-hwpq-rrpf-pgcq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hwpq-rrpf-pgcq" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq", "reference_id": "GHSA-hwpq-rrpf-pgcq", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hwpq-rrpf-pgcq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32065", "GHSA-hwpq-rrpf-pgcq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rch-2vmz-ukgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50594?format=api", "vulnerability_id": "VCID-cc1w-ru55-57b3", "summary": "OpenClaw's browser-origin WebSocket auth hardening gap could enable loopback password brute-force chains\nThis issue is a browser-origin WebSocket auth chain on local loopback deployments using password auth. It is serious, but conditional: an attacker must get the user to open a malicious page and then successfully guess the gateway password.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/c736f11a16d6bc27ea62a0fe40fffae4cb071fdb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/c736f11a16d6bc27ea62a0fe40fffae4cb071fdb" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-password-brute-force-via-browser-origin-websocket-authentication-bypass", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-password-brute-force-via-browser-origin-websocket-authentication-bypass" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32025", "reference_id": "CVE-2026-32025", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32025" }, { "reference_url": "https://github.com/advisories/GHSA-jmmg-jqc7-5qf4", "reference_id": "GHSA-jmmg-jqc7-5qf4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jmmg-jqc7-5qf4" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jmmg-jqc7-5qf4", "reference_id": "GHSA-jmmg-jqc7-5qf4", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jmmg-jqc7-5qf4" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32025", "GHSA-jmmg-jqc7-5qf4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cc1w-ru55-57b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50621?format=api", "vulnerability_id": "VCID-hmr8-2n1d-syh3", "summary": "OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host\nIn `openclaw@2026.2.24`, approval-bound `system.run` on node hosts could be influenced by mutable symlink `cwd` targets between approval and execution.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/f789f880c934caa8be25b38832f27f90f37903db" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-via-mutable-symlink-in-system-run-cwd-parameter" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32043", "reference_id": "CVE-2026-32043", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32043" }, { "reference_url": "https://github.com/advisories/GHSA-mwcg-wfq3-4gjc", "reference_id": "GHSA-mwcg-wfq3-4gjc", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-mwcg-wfq3-4gjc" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc", "reference_id": "GHSA-mwcg-wfq3-4gjc", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mwcg-wfq3-4gjc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32043", "GHSA-mwcg-wfq3-4gjc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmr8-2n1d-syh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50552?format=api", "vulnerability_id": "VCID-jxv3-cdt9-wbdm", "summary": "OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot\nA sandbox path validation bypass in `openclaw` allows host file reads outside `sandboxRoot` via the media path fallback tmp flow when the fallback tmp root is a symlink alias.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/496a76c03ba85e15ea715e5a583e498ae04d36e3" }, { "reference_url": "https://github.com/advisories/GHSA-xmv6-r34m-62p4", "reference_id": "GHSA-xmv6-r34m-62p4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xmv6-r34m-62p4" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmv6-r34m-62p4", 
"reference_id": "GHSA-xmv6-r34m-62p4", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmv6-r34m-62p4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "GHSA-xmv6-r34m-62p4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxv3-cdt9-wbdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50543?format=api", "vulnerability_id": "VCID-nuka-patj-5fc7", "summary": "OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection\nA missing sender-authorization check in Telegram `message_reaction` handling allowed unauthorized users to trigger reaction-derived system events.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/e56b0cf1a04f992ac6ebc775899f48ea31687640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/e56b0cf1a04f992ac6ebc775899f48ea31687640" }, { "reference_url": "https://github.com/advisories/GHSA-qj22-xqjr-v83v", "reference_id": "GHSA-qj22-xqjr-v83v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qj22-xqjr-v83v" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qj22-xqjr-v83v", "reference_id": "GHSA-qj22-xqjr-v83v", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qj22-xqjr-v83v" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "GHSA-qj22-xqjr-v83v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nuka-patj-5fc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50564?format=api", "vulnerability_id": "VCID-pgez-9z25-xqey", "summary": "OpenClaw has a Trusted-proxy Control UI pairing bypass which allows unpaired node sessions\nA trusted-proxy Control UI pairing bypass accepted `client.id=control-ui` without device identity checks. The bypass did not require `operator` role, so an authenticated `node` role session could connect unpaired and reach node event methods.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/ec45c317f5d0631a3d333b236da58c4749ede2a3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/ec45c317f5d0631a3d333b236da58c4749ede2a3" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-control-ui-client-id-parameter", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-control-ui-client-id-parameter" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32057", "reference_id": "CVE-2026-32057", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32057" }, { "reference_url": "https://github.com/advisories/GHSA-vvgp-4c28-m3jm", "reference_id": "GHSA-vvgp-4c28-m3jm", "reference_type": "", 
"scores": [], "url": "https://github.com/advisories/GHSA-vvgp-4c28-m3jm" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vvgp-4c28-m3jm", "reference_id": "GHSA-vvgp-4c28-m3jm", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vvgp-4c28-m3jm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32057", "GHSA-vvgp-4c28-m3jm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgez-9z25-xqey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50525?format=api", "vulnerability_id": "VCID-s6fk-r5v7-x3ee", "summary": "OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state\nThe affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in **beta**.\nIn that beta onboarding flow, Anthropic OAuth used the PKCE `code_verifier` value as OAuth `state`, exposing that secret in front-channel URL state.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/8f3310000a8b0c11eced054c2cdb6fb27803511a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/8f3310000a8b0c11eced054c2cdb6fb27803511a" }, { "reference_url": "https://github.com/advisories/GHSA-6g25-pc82-vfwp", "reference_id": "GHSA-6g25-pc82-vfwp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6g25-pc82-vfwp" }, { "reference_url": 
"https://github.com/openclaw/openclaw/security/advisories/GHSA-6g25-pc82-vfwp", "reference_id": "GHSA-6g25-pc82-vfwp", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6g25-pc82-vfwp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "GHSA-6g25-pc82-vfwp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6fk-r5v7-x3ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50689?format=api", "vulnerability_id": "VCID-th8g-pprj-bqgw", "summary": "OpenClaw: Hardlink alias checks could bypass workspace-only file boundaries in specific configurations\nIn certain workspace-restricted configurations, OpenClaw could follow hardlink aliases inside the workspace that reference files outside the workspace boundary.\n\nBy default, `tools.fs.workspaceOnly` is off. 
This primarily affects deployments that intentionally enable workspace-only filesystem restrictions (and workspace-only `apply_patch` checks).", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/04d91d0319b82fd4de91ed05e9fc5219ff2ab64e" }, { "reference_url": "https://github.com/advisories/GHSA-3jx4-q2m7-r496", "reference_id": "GHSA-3jx4-q2m7-r496", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3jx4-q2m7-r496" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496", "reference_id": "GHSA-3jx4-q2m7-r496", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3jx4-q2m7-r496" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "GHSA-3jx4-q2m7-r496" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-th8g-pprj-bqgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50634?format=api", "vulnerability_id": "VCID-ukyb-zk5w-tkdc", "summary": "OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks\nIn a narrow Signal reaction-notification path, reaction-only inbound events could enqueue a status event before sender access checks were applied.", "references": [ { "reference_url": 
"https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/2aa7842adeedef423be7ce283a9144b9f1a0a669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/2aa7842adeedef423be7ce283a9144b9f1a0a669" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-reaction-status-event-enqueue-via-access-check-bypass", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-reaction-status-event-enqueue-via-access-check-bypass" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32050", "reference_id": "CVE-2026-32050", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32050" }, { "reference_url": "https://github.com/advisories/GHSA-792q-qw95-f446", "reference_id": "GHSA-792q-qw95-f446", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-792q-qw95-f446" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446", "reference_id": "GHSA-792q-qw95-f446", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-792q-qw95-f446" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32050", "GHSA-792q-qw95-f446" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukyb-zk5w-tkdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50524?format=api", "vulnerability_id": 
"VCID-vp66-1yq4-5qbm", "summary": "OpenClaw: MS Teams fileConsent/invoke missing conversation binding allowed cross-conversation pending-upload consumption\nIn `openclaw` MS Teams file-consent flow, pending uploads were authorized by `uploadId` alone. `fileConsent/invoke` did not verify the invoke conversation against the conversation that created the pending upload.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/347f7b9550064f5f5b33c6e07f64e85b9657b6f1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/347f7b9550064f5f5b33c6e07f64e85b9657b6f1" }, { "reference_url": "https://github.com/advisories/GHSA-j26j-7qc4-3mrf", "reference_id": "GHSA-j26j-7qc4-3mrf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j26j-7qc4-3mrf" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j26j-7qc4-3mrf", "reference_id": "GHSA-j26j-7qc4-3mrf", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j26j-7qc4-3mrf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "GHSA-j26j-7qc4-3mrf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vp66-1yq4-5qbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50558?format=api", "vulnerability_id": "VCID-x6mf-dx99-vydn", "summary": "OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message 
ingress\nOpenClaw Slack monitor handled `reaction_*` and `pin_*` non-message events before applying sender-policy checks consistently.\n\nIn affected versions, these events could be added to system-event context even when sender policy would not normally allow them.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/75dfb71e4e8b7c2feba5a8ca662f92ea840e0147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/75dfb71e4e8b7c2feba5a8ca662f92ea840e0147" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/aedf62ac7e669a89c7b299201bf6537dc6b12e0e" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-in-slack-reaction-and-pin-event-handlers", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-sender-policy-bypass-in-slack-reaction-and-pin-event-handlers" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32899", "reference_id": "CVE-2026-32899", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32899" }, { "reference_url": "https://github.com/advisories/GHSA-rm2p-j3r7-4x4j", "reference_id": "GHSA-rm2p-j3r7-4x4j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rm2p-j3r7-4x4j" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j", "reference_id": "GHSA-rm2p-j3r7-4x4j", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32899", "GHSA-rm2p-j3r7-4x4j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6mf-dx99-vydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50679?format=api", "vulnerability_id": "VCID-xx3p-8f8z-6fcx", "summary": "OpenClaw: Slack interactive callbacks could skip configured sender checks in some shared-workspace flows\nIn shared Slack workspace deployments that rely on sender restrictions (`allowFrom`, DM policy, or channel user allowlists), some interactive callbacks (`block_action`, `view_submission`, `view_closed`) could be accepted before full sender authorization checks.\n\nIn that scenario, an unauthorized workspace member could enqueue system-event text into an active session. 
This issue did not provide unauthenticated access, cross-gateway isolation bypass, or host-level privilege escalation by itself.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/ce8c67c314b93f570f53c2a9abc124e1e3a54715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/ce8c67c314b93f570f53c2a9abc124e1e3a54715" }, { "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-interactive-callbacks-via-sender-check-skip", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-interactive-callbacks-via-sender-check-skip" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32005", "reference_id": "CVE-2026-32005", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32005" }, { "reference_url": "https://github.com/advisories/GHSA-x2ff-j5c2-ggpr", "reference_id": "GHSA-x2ff-j5c2-ggpr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x2ff-j5c2-ggpr" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2ff-j5c2-ggpr", "reference_id": "GHSA-x2ff-j5c2-ggpr", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2ff-j5c2-ggpr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "CVE-2026-32005", "GHSA-x2ff-j5c2-ggpr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-xx3p-8f8z-6fcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50602?format=api", "vulnerability_id": "VCID-yx4j-34ty-4udn", "summary": "OpenClaw has an IPv6 multicast SSRF classifier bypass\nOpenClaw's SSRF IP classifier did not treat IPv6 multicast literals (`ff00::/8`) as blocked/private-internal. This allowed literal multicast hosts to pass SSRF preflight checks.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/baf656bc6fd7f83b6033e6dbc2548ec75028641f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/baf656bc6fd7f83b6033e6dbc2548ec75028641f" }, { "reference_url": "https://github.com/advisories/GHSA-h97f-6pqj-q452", "reference_id": "GHSA-h97f-6pqj-q452", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h97f-6pqj-q452" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h97f-6pqj-q452", "reference_id": "GHSA-h97f-6pqj-q452", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h97f-6pqj-q452" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "GHSA-h97f-6pqj-q452" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yx4j-34ty-4udn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50630?format=api", "vulnerability_id": "VCID-zkrk-yqcx-dkdb", "summary": "OpenClaw unpaired 
device identity can bypass operator pairing and self-assign operator scopes with shared auth\nA client using shared gateway auth could attach an unpaired device identity and request elevated operator scopes (including `operator.admin`) before pairing approval, enabling privilege escalation.", "references": [ { "reference_url": "https://github.com/openclaw/openclaw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw" }, { "reference_url": "https://github.com/openclaw/openclaw/commit/8d1481cb4a9d31bd617e52dc8c392c35689d9dea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/commit/8d1481cb4a9d31bd617e52dc8c392c35689d9dea" }, { "reference_url": "https://github.com/advisories/GHSA-553v-f69r-656j", "reference_id": "GHSA-553v-f69r-656j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-553v-f69r-656j" }, { "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j", "reference_id": "GHSA-553v-f69r-656j", "reference_type": "", "scores": [], "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-553v-f69r-656j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74377?format=api", "purl": "pkg:npm/openclaw@2026.2.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" } ], "aliases": [ "GHSA-553v-f69r-656j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkrk-yqcx-dkdb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.25" }