{"url":"http://public2.vulnerablecode.io/api/packages/1020659?format=json","purl":"pkg:npm/openclaw@2026.4.15-beta.2","type":"npm","namespace":"","name":"openclaw","version":"2026.4.15-beta.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2026.4.23","latest_non_vulnerable_version":"2026.4.23","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68041?format=json","vulnerability_id":"VCID-1qnh-qhcx-63et","summary":"OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44110","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18401","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.184","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18423","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18236","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44110"},{"reference_url":"https://github.com/openclaw/openclaw/pull/67294","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/pull/67294"},{"reference_url":"https://github.com/openclaw/openclaw/pull/67325","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openclaw/openclaw/pull/67325"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2bfd808a83116bd888e3e2633a61473fa2ed81b6","reference_id":"2bfd808a83116bd888e3e2633a61473fa2ed81b6","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2bfd808a83116bd888e3e2633a61473fa2ed81b6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44110","reference_id":"CVE-2026-44110","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44110"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f8705f512b09043df02b5da372c33374734bd921","reference_id":"f8705f512b09043df02b5da372c33374734bd921","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/"}],"url":"https://github.com/openclaw/openclaw/commit/f8705f512b09043df02b5da372c33374734bd921"},{"reference_url":"https://github.com/advisories/GHSA-2gvc-4f3c-2855","reference_id":"GHSA-2gvc-4f3c-2855","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2gvc-4f3c-2855"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855","reference_id":"GHSA-2gvc-4f3c-2855","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2gvc-4f3c-2855"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store","reference_id":"openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:58:00Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-matrix-room-control-commands-via-dm-pairing-store"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["CVE-2026-44110","GHSA-2gvc-4f3c-2855"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qnh-qhcx-63et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69834?format=json","vulnerability_id":"VCID-4qqv-57ws-4yb3","summary":"OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45002","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10694","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11756","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1173","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11751","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45002"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45002","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45002"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3","reference_id":"5275d008ed33203dba3f98e969ad683a65c416c3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3"},{"reference_url":"https://github.com/advisories/GHSA-2xcp-x87w-q377","reference_id":"GHSA-2xcp-x87w-q377","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xcp-x87w-q377"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377","reference_id":"GHSA-2xcp-x87w-q377","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping","reference_id":"openclaw-hook-session-key-bypass-via-template-mapping","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-45002","GHSA-2xcp-x87w-q377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qqv-57ws-4yb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359764?format=json","vulnerability_id":"VCID-5zh4-jn4s-akc9","summary":"OpenClaw: Paired-device pairing actions were not limited to the caller device\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nA paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope ceiling.\n\nThis is a same-gateway paired-device authorization bug, not a remote unauthenticated issue. Severity is low.\n\n## Fix\n\nPairing management actions are now limited to the caller device, so non-admin paired-device sessions cannot approve or operate on unrelated pending device requests.\n\nFix commit:\n\n- `5a12f30441d5b0b151f550daa2c5c9e8db61e2e6`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-xrq9-jm7v-g9h7","reference_id":"GHSA-xrq9-jm7v-g9h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrq9-jm7v-g9h7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7","reference_id":"GHSA-xrq9-jm7v-g9h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-xrq9-jm7v-g9h7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh4-jn4s-akc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68039?format=json","vulnerability_id":"VCID-65nh-ys6n-77ag","summary":"OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44118","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02617","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0261","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0262","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44118"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44118","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44118"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19","reference_id":"3cb1a56bfc9579a0f2336f9cfa12a8a744332a19","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19"},{"reference_url":"https://github.com/advisories/GHSA-r6xh-pqhr-v4xh","reference_id":"GHSA-r6xh-pqhr-v4xh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6xh-pqhr-v4xh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh","reference_id":"GHSA-r6xh-pqhr-v4xh","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header","reference_id":"openclaw-owner-context-spoofing-via-bearer-token-header","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44118","GHSA-r6xh-pqhr-v4xh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65nh-ys6n-77ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65524?format=json","vulnerability_id":"VCID-6w88-6bts-sudv","summary":"OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized gateway access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43585","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34576","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34579","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.346","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34398","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43585"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66651","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66651"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43585","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43585"},{"reference_url":"https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094","reference_id":"acd4e0a32f12e1ad85f3130f63b42443ce90f094","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"}],"url":"https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce90f094"},{"reference_url":"https://github.com/advisories/GHSA-xmxx-7p24-h892","reference_id":"GHSA-xmxx-7p24-h892","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmxx-7p24-h892"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892","reference_id":"GHSA-xmxx-7p24-h892","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution","reference_id":"openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:53:26Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-via-stale-secretref-resolution"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["CVE-2026-43585","GHSA-xmxx-7p24-h892"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6w88-6bts-sudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359778?format=json","vulnerability_id":"VCID-8h62-5c5b-cbdt","summary":"OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nFeishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped `dmPolicy` enforcement for card actions, so a sender in a Feishu DM could trigger card-action flows that should have been blocked by a restrictive DM policy.\n\nThe issue is limited to Feishu card-action handling. Severity is medium.\n\n## Fix\n\nOpenClaw now resolves Feishu card-action chat type before dispatch, including API lookup when stored context is unavailable, and avoids falling through to group handling for DMs.\n\nFix commit:\n\n- `90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-72q8-jcmc-97wx","reference_id":"GHSA-72q8-jcmc-97wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72q8-jcmc-97wx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx","reference_id":"GHSA-72q8-jcmc-97wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-72q8-jcmc-97wx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8h62-5c5b-cbdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67767?format=json","vulnerability_id":"VCID-9u9n-s6sc-2bhw","summary":"OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44116","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15353","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15325","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15225","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44116"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44116","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44116"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f","reference_id":"a65eb1b864b7630c1242a82de9e5799b80583c3f","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f"},{"reference_url":"https://github.com/advisories/GHSA-2hh7-c75g-qj2r","reference_id":"GHSA-2hh7-c75g-qj2r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hh7-c75g-qj2r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r","reference_id":"GHSA-2hh7-c75g-qj2r","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation","reference_id":"openclaw-server-side-request-forgery-in-zalo-photo-url-validation","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44116","GHSA-2hh7-c75g-qj2r"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u9n-s6sc-2bhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67838?format=json","vulnerability_id":"VCID-afjz-us2v-k7ak","summary":"OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44112","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11306","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11262","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11296","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44112"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44112","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44112"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76","reference_id":"7be82d4fd1193bcb7e44ee38838f00bf924ffa76","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76"},{"reference_url":"https://github.com/advisories/GHSA-wppj-c6mr-83jj","reference_id":"GHSA-wppj-c6mr-83jj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wppj-c6mr-83jj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj","reference_id":"GHSA-wppj-c6mr-83jj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes","reference_id":"openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44112","GHSA-wppj-c6mr-83jj"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afjz-us2v-k7ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67711?format=json","vulnerability_id":"VCID-b158-4js1-77de","summary":"OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44992","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01299","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0177","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01779","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01773","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44992"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44992","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44992"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1","reference_id":"2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1"},{"reference_url":"https://github.com/advisories/GHSA-h2vw-ph2c-jvwf","reference_id":"GHSA-h2vw-ph2c-jvwf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h2vw-ph2c-jvwf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h2vw-ph2c-jvwf","reference_id":"GHSA-h2vw-ph2c-jvwf","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h2vw-ph2c-jvwf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-minimax-api-host-override-via-workspace-dotenv","reference_id":"openclaw-minimax-api-host-override-via-workspace-dotenv","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-minimax-api-host-override-via-workspace-dotenv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44992","GHSA-h2vw-ph2c-jvwf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b158-4js1-77de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67891?format=json","vulnerability_id":"VCID-c3fa-2u7p-pkgn","summary":"OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling attackers to bypass signature verification and replay protection to execute arbitrary commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44109","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42226","published_at":"2026-06-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42239","published_at":"2026-06-14T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42248","published_at":"2026-06-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42062","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44109"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66707","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44109","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44109"},{"reference_url":"https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae","reference_id":"c8003f1b33ed2924be5f62131bd28742c5a41aae","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"}],"url":"https://github.com/openclaw/openclaw/commit/c8003f1b33ed2924be5f62131bd28742c5a41aae"},{"reference_url":"https://github.com/advisories/GHSA-xh72-v6v9-mwhc","reference_id":"GHSA-xh72-v6v9-mwhc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh72-v6v9-mwhc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc","reference_id":"GHSA-xh72-v6v9-mwhc","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xh72-v6v9-mwhc"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation","reference_id":"openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:34:48Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authentication-bypass-in-feishu-webhook-and-card-action-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["CVE-2026-44109","GHSA-xh72-v6v9-mwhc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3fa-2u7p-pkgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69923?format=json","vulnerability_id":"VCID-c8dt-7z8a-qufe","summary":"OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45003","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01333","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01834","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01826","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45003"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45003","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45003"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272","reference_id":"0623079e98abf7202591f1b04a89755eb7ec9272","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272"},{"reference_url":"https://github.com/advisories/GHSA-55cf-xx38-4p9p","reference_id":"GHSA-55cf-xx38-4p9p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-55cf-xx38-4p9p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p","reference_id":"GHSA-55cf-xx38-4p9p","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files","reference_id":"openclaw-connector-endpoint-host-override-via-workspace-dotenv-files","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-45003","GHSA-55cf-xx38-4p9p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8dt-7z8a-qufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67686?format=json","vulnerability_id":"VCID-cbdg-vzrj-puc2","summary":"OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes, enabling code injection when operators start sessions using those servers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44995","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01927","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02796","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02786","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02801","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44995"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44995","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44995"},{"reference_url":"https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af","reference_id":"62fa5071896e95edc7f67d1cebc70a2859e283af","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af"},{"reference_url":"https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b","reference_id":"85d86ebc4bf3d2226d39d132a484f4f7a299fa1b","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b"},{"reference_url":"https://github.com/advisories/GHSA-mj59-h3q9-ghfh","reference_id":"GHSA-mj59-h3q9-ghfh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj59-h3q9-ghfh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh","reference_id":"GHSA-mj59-h3q9-ghfh","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables","reference_id":"openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44995","GHSA-mj59-h3q9-ghfh"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdg-vzrj-puc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67718?format=json","vulnerability_id":"VCID-cf4u-fs5p-3ue3","summary":"OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44117","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14214","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14184","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14211","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14096","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44117"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44117","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44117"},{"reference_url":"https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09","reference_id":"49db424c8001f2f419aad85f434894d8d85c1a09","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09"},{"reference_url":"https://github.com/advisories/GHSA-c4qg-j8jg-42q5","reference_id":"GHSA-c4qg-j8jg-42q5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4qg-j8jg-42q5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5","reference_id":"GHSA-c4qg-j8jg-42q5","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload","reference_id":"openclaw-server-side-request-forgery-in-qqbot-direct-media-upload","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44117","GHSA-c4qg-j8jg-42q5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf4u-fs5p-3ue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67782?format=json","vulnerability_id":"VCID-e327-pu9e-x7gh","summary":"OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44997","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0842","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09884","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09871","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09886","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44997"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44997","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44997"},{"reference_url":"https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2","reference_id":"31160dc069b7cc5d833b39c53736a41ad3befda2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2"},{"reference_url":"https://github.com/advisories/GHSA-q3jj-46pq-826r","reference_id":"GHSA-q3jj-46pq-826r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3jj-46pq-826r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r","reference_id":"GHSA-q3jj-46pq-826r","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions","reference_id":"openclaw-security-envelope-constraint-bypass-in-acp-child-sessions","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44997","GHSA-q3jj-46pq-826r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e327-pu9e-x7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67649?format=json","vulnerability_id":"VCID-e8sz-63dk-tfbs","summary":"OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands like /send, /config, or /debug on affected channels to bypass owner-only command authorization checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44991","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09004","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10527","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1055","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44991"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44991","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44991"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882","reference_id":"2aa93d44a1b2c7058c371f261fda2b5d4de4a882","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882"},{"reference_url":"https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f","reference_id":"995febb7b1e811ff6a1df5b18c22de94103f4c9f","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f"},{"reference_url":"https://github.com/advisories/GHSA-c28g-vh7m-fm7v","reference_id":"GHSA-c28g-vh7m-fm7v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c28g-vh7m-fm7v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v","reference_id":"GHSA-c28g-vh7m-fm7v","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders","reference_id":"openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374221?format=json","purl":"pkg:npm/openclaw@2026.4.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.21"}],"aliases":["CVE-2026-44991","GHSA-c28g-vh7m-fm7v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8sz-63dk-tfbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360432?format=json","vulnerability_id":"VCID-eefn-gpc1-mfdx","summary":"OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes\n## Summary\n\nThe agent-facing `gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations.\n\n## Impact\n\nA prompt-injected or otherwise compromised model running with access to the owner-only `gateway` tool could persist unsafe config changes that crossed security boundaries. Examples included config paths affecting command execution, network/proxy/TLS behavior, credential forwarding, telemetry or hook endpoints, memory/indexing surfaces, and operator policy controls. These changes could survive restart once written to config.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw replaced the denylist with a fail-closed allowlist. Agent-driven `gateway config.apply` and `gateway config.patch` now permit only narrow agent-tunable prompt/model settings and mention-gating paths. Other config changes are rejected before the gateway mutation RPC is invoked.\n\n## Fix Commit(s)\n\n- `bceda6089aa7b3695cc7696b43c61ae3d01bb0ec` (`fix(gateway): fail closed on runtime config edits`)\n\n## Severity\n\nSeverity remains `high`. The vulnerable entry point is owner-only, but the model/agent is not a trusted principal under OpenClaw's security model, and the guard is the explicit model-to-operator boundary for persisted config mutation.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-cwj3-vqpp-pmxr","reference_id":"GHSA-cwj3-vqpp-pmxr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwj3-vqpp-pmxr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr","reference_id":"GHSA-cwj3-vqpp-pmxr","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["GHSA-cwj3-vqpp-pmxr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eefn-gpc1-mfdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69771?format=json","vulnerability_id":"VCID-fgkb-fmuq-wffh","summary":"OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious extensions/<plugin>/setup-api.js file in a repository and convincing a user to run OpenClaw commands from that directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45004","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02795","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03606","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03593","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03602","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45004"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45004","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45004"},{"reference_url":"https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707","reference_id":"993781e6e6eaf50f033cfc3e3bf4f47059740707","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707"},{"reference_url":"https://github.com/advisories/GHSA-r39h-4c2p-3jxp","reference_id":"GHSA-r39h-4c2p-3jxp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39h-4c2p-3jxp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp","reference_id":"GHSA-r39h-4c2p-3jxp","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory","reference_id":"openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["CVE-2026-45004","GHSA-r39h-4c2p-3jxp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgkb-fmuq-wffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359785?format=json","vulnerability_id":"VCID-hbkd-8rx2-4qb8","summary":"OpenClaw: Agent gateway config mutations could change protected operator settings\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe agent-facing `gateway config.patch` / `config.apply` guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool could persist changes to those settings.\n\nThis is a model-to-operator guard bypass, not a remote unauthenticated gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now blocks model-driven gateway config mutations for the broader operator-trusted path set and covers per-agent overrides and array-entry patching.\n\nFix commit:\n\n- `fe30b31a97a917ecc6e92f6c85378b6b20352422`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-7jm2-g593-4qrc","reference_id":"GHSA-7jm2-g593-4qrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jm2-g593-4qrc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc","reference_id":"GHSA-7jm2-g593-4qrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-7jm2-g593-4qrc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbkd-8rx2-4qb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80674?format=json","vulnerability_id":"VCID-hwyc-kv1j-1yhm","summary":"OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially disclosing sensitive files or exposing credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41389","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1317","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13251","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13277","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13271","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41389"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/67293","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/67293"},{"reference_url":"https://github.com/openclaw/openclaw/pull/67298","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/67298"},{"reference_url":"https://github.com/openclaw/openclaw/pull/67303","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/67303"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41389","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41389"},{"reference_url":"https://github.com/openclaw/openclaw/commit/1470de5d3e0970856d86cd99336bb8ada3fe87da","reference_id":"1470de5d3e0970856d86cd99336bb8ada3fe87da","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/"}],"url":"https://github.com/openclaw/openclaw/commit/1470de5d3e0970856d86cd99336bb8ada3fe87da"},{"reference_url":"https://github.com/openclaw/openclaw/commit/52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc","reference_id":"52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/"}],"url":"https://github.com/openclaw/openclaw/commit/52ef42302ead9e183e6c8810e0a04ee4ef8ae9fc"},{"reference_url":"https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde","reference_id":"6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/"}],"url":"https://github.com/openclaw/openclaw/commit/6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde"},{"reference_url":"https://github.com/advisories/GHSA-mr34-9552-qr95","reference_id":"GHSA-mr34-9552-qr95","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mr34-9552-qr95"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95","reference_id":"GHSA-mr34-9552-qr95","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mr34-9552-qr95"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths","reference_id":"openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T18:04:52Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-file-read-via-unvalidated-tool-result-media-paths"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["CVE-2026-41389","GHSA-mr34-9552-qr95"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwyc-kv1j-1yhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360332?format=json","vulnerability_id":"VCID-jdbz-6b2q-xyav","summary":"OpenClaw's Gateway Control UI bootstrap config required Gateway auth\n## Summary\nGateway Control UI bootstrap config required Gateway auth.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nWhen Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without a valid Gateway token. That response could expose sensitive bootstrap/config fields intended only for authenticated Control UI sessions.\n\n## Fix\nThe bootstrap config route now goes through the same Gateway read-auth path as other authenticated Control UI reads. Regression tests cover unauthenticated rejection, valid-token access, and basePath handling.\n\n## Fix Commit(s)\n- 2321d67263bc710e357644d59f746b08d891051b\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-93rg-2xm5-2p9v","reference_id":"GHSA-93rg-2xm5-2p9v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93rg-2xm5-2p9v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v","reference_id":"GHSA-93rg-2xm5-2p9v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["GHSA-93rg-2xm5-2p9v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdbz-6b2q-xyav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359880?format=json","vulnerability_id":"VCID-jwnv-j7hq-sbh9","summary":"OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths\n## Summary\n\nThe QMD backend `memory_get` read path accepted arbitrary workspace Markdown paths that were inside the workspace but outside the canonical memory locations or indexed QMD result set.\n\n## Impact\n\nWhen the QMD backend was enabled, a caller with access to `memory_get` could read arbitrary `*.md` files under the configured workspace root, even when those files were not canonical memory files and had not been returned by QMD search. Severity remains low because exploitation requires access to the memory tool surface and is limited to workspace Markdown files, but it bypassed the intended memory-path policy.\n\n## Affected versions\n\n- Affected: `< 2026.4.15`\n- Patched: `2026.4.15`\n\n## Fix\n\nOpenClaw `2026.4.15` restricts QMD reads to canonical memory paths or previously indexed QMD workspace paths. Workspace containment alone is no longer sufficient.\n\nVerified in `v2026.4.15`:\n\n- `extensions/memory-core/src/memory/qmd-manager.ts` rejects non-default workspace Markdown paths unless they match an indexed QMD workspace read path.\n- `extensions/memory-core/src/memory/qmd-manager.test.ts` covers QMD session search-result reads and the read-path restriction behavior.\n\nFix commit included in `v2026.4.15` and absent from `v2026.4.14`:\n\n- `37d5971db36491d5050efd42c333cbe0b98ed292` via PR #66026\n\nThanks to @zsxsoft, Keen Security Lab, and @qclawer for reporting this issue.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/openclaw/openclaw/pull/66026","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/pull/66026"},{"reference_url":"https://github.com/advisories/GHSA-f934-5rqf-xx47","reference_id":"GHSA-f934-5rqf-xx47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f934-5rqf-xx47"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47","reference_id":"GHSA-f934-5rqf-xx47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-f934-5rqf-xx47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["GHSA-f934-5rqf-xx47"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwnv-j7hq-sbh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80789?format=json","vulnerability_id":"VCID-qpq9-cabj-a7hj","summary":"OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to retrieve sensitive media content within allowed media roots.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41908","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11227","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11185","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11219","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11162","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41908"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41908","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41908"},{"reference_url":"https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036","reference_id":"99ef3a63c58440d53f8e45ad861b846032fcb036","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036"},{"reference_url":"https://github.com/advisories/GHSA-v8qf-fr4g-28p2","reference_id":"GHSA-v8qf-fr4g-28p2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8qf-fr4g-28p2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2","reference_id":"GHSA-v8qf-fr4g-28p2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route","reference_id":"openclaw-scope-enforcement-bypass-in-assistant-media-route","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-41908","GHSA-v8qf-fr4g-28p2"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpq9-cabj-a7hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67930?format=json","vulnerability_id":"VCID-qqsk-1mk9-pygw","summary":"OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access unauthorized file contents.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44113","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11644","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11609","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11638","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44113"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44113","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44113"},{"reference_url":"https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45","reference_id":"95119017c847c737bd113f0bff728c4666d79c45","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45"},{"reference_url":"https://github.com/advisories/GHSA-5h3g-6xhh-rg6p","reference_id":"GHSA-5h3g-6xhh-rg6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h3g-6xhh-rg6p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p","reference_id":"GHSA-5h3g-6xhh-rg6p","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge","reference_id":"openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44113","GHSA-5h3g-6xhh-rg6p"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqsk-1mk9-pygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67822?format=json","vulnerability_id":"VCID-r75w-jwbm-dyew","summary":"OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering untrusted events as trusted System events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44999","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04755","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05529","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05537","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05543","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44999"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44999","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44999"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7","reference_id":"f61896b03cc7031f51106a04566831f4ac2a0bd7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7"},{"reference_url":"https://github.com/advisories/GHSA-57r2-h2wj-g887","reference_id":"GHSA-57r2-h2wj-g887","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57r2-h2wj-g887"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887","reference_id":"GHSA-57r2-h2wj-g887","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events","reference_id":"openclaw-improper-trust-labeling-in-isolated-cron-awareness-events","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44999","GHSA-57r2-h2wj-g887"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r75w-jwbm-dyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360458?format=json","vulnerability_id":"VCID-sbxm-vwhw-9fhd","summary":"OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs\n## Summary\nExec allowlist analysis rejects shell expansion in unquoted heredocs\n\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nAn allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. That could make the approved command text look safer than what the shell would evaluate at runtime.\n\n## Fix\nThe exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.\n\n## Fix Commit(s)\n- b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-x3h8-jrgh-p8jx","reference_id":"GHSA-x3h8-jrgh-p8jx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3h8-jrgh-p8jx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx","reference_id":"GHSA-x3h8-jrgh-p8jx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["GHSA-x3h8-jrgh-p8jx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbxm-vwhw-9fhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359759?format=json","vulnerability_id":"VCID-t7nn-6cy7-2yak","summary":"OpenClaw: Webchat audio embedding could read local files without local-root containment\n## Impact\n\nOpenClaw deployments before `2026.4.15` could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths.\n\nIf an attacker could influence an agent or tool-produced `ReplyPayload.mediaUrl`, the webchat audio embedding helper could resolve an absolute local path or `file:` URL, read an audio-like file under the size cap, and base64-encode it into the webchat media response. This crossed the model/tool-output boundary into a host file read. Prompt injection or malicious tool output is a delivery mechanism; the security boundary failure is the missing local-root containment check.\n\nThe impact is narrow: the file had to be readable by the gateway process, have an audio-like extension, and fit within the webchat audio size cap. The issue exposed contents into the webchat assistant/media transcript path; it was not a general remote filesystem API.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected versions: `<= 2026.4.14`\n- Patched version: `2026.4.15`\n\nThe latest public release, `2026.4.21`, also contains the fix.\n\n## Patches\n\nThe public fix threads the applicable local media roots into the webchat audio embedding path and calls `assertLocalMediaAllowed` before local audio content is read. Current `main` also includes an additional `trustedLocalMedia` gate so untrusted model/tool payloads cannot opt into local audio embedding.\n\nFix commit:\n\n- `6e58f1f9f54bca1fea1268ec0ee4c01a2af03dde`\n\n## Workarounds\n\nUpgrade to `openclaw@2026.4.15` or later. The latest public release, `2026.4.21`, is fixed. Before upgrading, avoid exposing webchat sessions to untrusted prompt/tool content that can influence reply media URLs.\n\n## Credits\n\nOpenClaw thanks @zsxsoft for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-gfg9-5357-hv4c","reference_id":"GHSA-gfg9-5357-hv4c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfg9-5357-hv4c"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c","reference_id":"GHSA-gfg9-5357-hv4c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-gfg9-5357-hv4c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373280?format=json","purl":"pkg:npm/openclaw@2026.4.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qqv-57ws-4yb3"},{"vulnerability":"VCID-5zh4-jn4s-akc9"},{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-8h62-5c5b-cbdt"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-b158-4js1-77de"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-cbdg-vzrj-puc2"},{"vulnerability":"VCID-cf4u-fs5p-3ue3"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-hbkd-8rx2-4qb8"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qpq9-cabj-a7hj"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-r75w-jwbm-dyew"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-tegh-qc36-ufha"},{"vulnerability":"VCID-v6e8-g5w8-k3ax"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"},{"vulnerability":"VCID-yqjc-khg8-uyb4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15"}],"aliases":["GHSA-gfg9-5357-hv4c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t7nn-6cy7-2yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359830?format=json","vulnerability_id":"VCID-tegh-qc36-ufha","summary":"OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. If an operator configured a restrictive policy, such as a tool profile, explicit allow/deny list, owner-only tool restriction, sandbox tool policy, or subagent tool policy, a bundled MCP/LSP tool could remain available even though the same policy would have denied it.\n\nThe issue required a configured bundled MCP or LSP tool source and an operator policy that should have restricted that tool. This was a local agent policy-enforcement bypass, not an unauthenticated remote gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now applies a final effective tool policy pass to bundled MCP/LSP tools before merging them into the tool set used by normal runs and compaction. The pass covers profile policy, provider profile policy, global/agent/group policies, owner-only filtering, sandbox tool policy, and subagent tool policy.\n\nFix commit:\n\n- `0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-qrp5-gfw2-gxv4","reference_id":"GHSA-qrp5-gfw2-gxv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrp5-gfw2-gxv4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4","reference_id":"GHSA-qrp5-gfw2-gxv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-qrp5-gfw2-gxv4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tegh-qc36-ufha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359841?format=json","vulnerability_id":"VCID-v6e8-g5w8-k3ax","summary":"OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBrowser profile creation normalized `cdpUrl` values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly disabled private-network CDP targets, a stored profile could still point at a private-network or metadata endpoint and later be probed by normal profile status flows.\n\nDefault trusted-operator browser behavior allows private-network CDP endpoints, so this only affected strict-mode deployments. Severity is low.\n\n## Fix\n\nOpenClaw now checks CDP endpoints against the browser SSRF policy during profile creation and reachability operations.\n\nFix commits:\n\n- `1fd049e3074cac72f6734a7fe88468c84f5f8bd7`\n- `e90c89cf8b1459f2aa1f3a665be67392b6c03fdf`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-j4c5-89f5-f3pm","reference_id":"GHSA-j4c5-89f5-f3pm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4c5-89f5-f3pm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm","reference_id":"GHSA-j4c5-89f5-f3pm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-j4c5-89f5-f3pm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6e8-g5w8-k3ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69848?format=json","vulnerability_id":"VCID-y5k6-v1cj-cqg6","summary":"OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until gateway or plugin restart.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45005","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17871","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19514","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19539","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19517","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45005"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45005","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45005"},{"reference_url":"https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa","reference_id":"36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa"},{"reference_url":"https://github.com/advisories/GHSA-q8ff-7ffm-m3r9","reference_id":"GHSA-q8ff-7ffm-m3r9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8ff-7ffm-m3r9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9","reference_id":"GHSA-q8ff-7ffm-m3r9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation","reference_id":"openclaw-webhook-route-secret-cache-not-invalidated-after-rotation","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["CVE-2026-45005","GHSA-q8ff-7ffm-m3r9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5k6-v1cj-cqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67862?format=json","vulnerability_id":"VCID-yqjc-khg8-uyb4","summary":"OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted OpenClaw runtime behavior during source-update or installer flows.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44114","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07205","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07239","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07238","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44114"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44114","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44114"},{"reference_url":"https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6","reference_id":"018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6"},{"reference_url":"https://github.com/advisories/GHSA-hxvm-xjvf-93f3","reference_id":"GHSA-hxvm-xjvf-93f3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxvm-xjvf-93f3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3","reference_id":"GHSA-hxvm-xjvf-93f3","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv","reference_id":"openclaw-environment-variable-namespace-collision-via-workspace-dotenv","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44114","GHSA-hxvm-xjvf-93f3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqjc-khg8-uyb4"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.15-beta.2"}