Package details: pkg:npm/openclaw@2026.2.12
purl pkg:npm/openclaw@2026.2.12
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)

VCID-2khs-byzt-vffa: OpenClaw's Chrome extension relay binds publicly due to wildcard treated as loopback
The Chrome extension relay (`ensureChromeExtensionRelayServer`) previously treated wildcard hosts (`0.0.0.0` / `::`) as loopback, which could make it bind the relay HTTP/WS server to all interfaces when a wildcard `cdpUrl` was passed.
Aliases: CVE-2026-28395, GHSA-qw99-grcx-4pvm

VCID-3qm9-u1h8-ekck: OpenClaw has a webhook auth bypass when gateway is behind a reverse proxy (loopback remoteAddress trust)
The BlueBubbles webhook handler previously treated any request whose socket `remoteAddress` was loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) as authenticated. When OpenClaw Gateway is behind a reverse proxy (Tailscale Serve/Funnel, nginx, Cloudflare Tunnel, ngrok), the proxy typically connects to the gateway over loopback, allowing unauthenticated remote requests to bypass the configured webhook password. This could allow an attacker who can reach the proxy endpoint to inject arbitrary inbound BlueBubbles message/reaction events.
Aliases: CVE-2026-29613, GHSA-xc7w-v5x6-cc87

VCID-8ttp-suxq-kfhq: OpenClaw's unsanitized session ID enables path traversal in transcript file operations
OpenClaw versions **<= 2026.2.9** construct transcript file paths using an unsanitized `sessionId` and also accept `sessionFile` paths without enforcing that they stay within the agent sessions directory. A crafted `sessionId` and/or `sessionFile` (example: `../../etc/passwd`) can cause path traversal when the gateway performs transcript file read/write operations. **Preconditions:** an attacker must be able to authenticate to the gateway (gateway token/password). By default the gateway binds to `loopback` (local-only); configurations that expose the gateway widen the attack surface.
Aliases: CVE-2026-28482, GHSA-5xfq-5mr7-426q

VCID-c916-y53f-73g5: OpenClaw has non-constant-time token comparison in hooks authentication
OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In practice, this typically requires hooks to be exposed to an untrusted network and a large number of requests; real-world latency and jitter can make reliable measurement difficult.
Aliases: CVE-2026-28464, GHSA-jmm5-fvh5-gf4p

VCID-muy6-vhj5-abe6: OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing
The issue is not deterministic session keys in themselves. The exploitable path was accepting externally supplied `sessionKey` values on authenticated hook ingress, allowing a hook token holder to route messages into chosen sessions.
Aliases: GHSA-hv93-r4j3-q65f

VCID-pvr1-9q4b-rbam: OpenClaw's unauthenticated Nostr profile HTTP endpoints allow remote profile/config tampering
The OpenClaw Nostr channel plugin (optional, disabled by default, installed separately) exposes profile management HTTP endpoints under `/api/channels/nostr/:accountId/profile` (GET/PUT) and `/api/channels/nostr/:accountId/profile/import` (POST). In affected versions, these routes were dispatched via the gateway plugin HTTP layer without requiring gateway authentication, allowing unauthenticated remote callers to read or mutate the Nostr profile and persist changes to the gateway config. Profile updates are also published as a signed Nostr kind:0 event using the bot's private key. Deployments that do not have the Nostr plugin installed and enabled are not impacted.
Aliases: CVE-2026-28450, GHSA-mv9j-6xhh-g383

VCID-uag8-7sh7-jbcw: OpenClaw has an arbitrary transcript path file write via gateway sessionFile
In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted `sessionFile` path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host.
Aliases: CVE-2026-28459, GHSA-64qx-vpxx-mvqf

History

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-06-02T04:51:05.630123+00:00 GitLab Importer Fixing VCID-c916-y53f-73g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/CVE-2026-28464.yml 38.6.0
2026-06-02T04:51:05.249099+00:00 GitLab Importer Fixing VCID-c916-y53f-73g5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/GHSA-jmm5-fvh5-gf4p.yml 38.6.0
2026-06-02T04:50:15.096746+00:00 GitLab Importer Fixing VCID-8ttp-suxq-kfhq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/CVE-2026-28482.yml 38.6.0
2026-06-02T04:50:11.282791+00:00 GitLab Importer Fixing VCID-8ttp-suxq-kfhq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/GHSA-5xfq-5mr7-426q.yml 38.6.0
2026-06-02T04:50:10.770888+00:00 GitLab Importer Fixing VCID-uag8-7sh7-jbcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/GHSA-64qx-vpxx-mvqf.yml 38.6.0
2026-06-02T04:50:09.979450+00:00 GitLab Importer Fixing VCID-2khs-byzt-vffa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/CVE-2026-28395.yml 38.6.0
2026-06-02T04:50:09.698442+00:00 GitLab Importer Fixing VCID-3qm9-u1h8-ekck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/GHSA-xc7w-v5x6-cc87.yml 38.6.0
2026-06-02T04:50:09.423378+00:00 GitLab Importer Fixing VCID-muy6-vhj5-abe6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/GHSA-hv93-r4j3-q65f.yml 38.6.0
2026-06-02T04:50:08.807295+00:00 GitLab Importer Fixing VCID-pvr1-9q4b-rbam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/CVE-2026-28450.yml 38.6.0
2026-06-02T04:50:08.703794+00:00 GitLab Importer Fixing VCID-3qm9-u1h8-ekck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/CVE-2026-29613.yml 38.6.0
2026-06-02T04:50:08.598526+00:00 GitLab Importer Fixing VCID-pvr1-9q4b-rbam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/GHSA-mv9j-6xhh-g383.yml 38.6.0
2026-06-02T04:50:08.251276+00:00 GitLab Importer Fixing VCID-2khs-byzt-vffa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/GHSA-qw99-grcx-4pvm.yml 38.6.0
2026-06-02T04:50:07.912465+00:00 GitLab Importer Fixing VCID-uag8-7sh7-jbcw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/openclaw/CVE-2026-28459.yml 38.6.0