{"url":"http://public2.vulnerablecode.io/api/packages/1028803?format=json","purl":"pkg:npm/openclaw@2026.4.19-beta.1","type":"npm","namespace":"","name":"openclaw","version":"2026.4.19-beta.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2026.4.23","latest_non_vulnerable_version":"2026.4.23","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69834?format=json","vulnerability_id":"VCID-4qqv-57ws-4yb3","summary":"OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally influenced session keys through templated hook mappings to bypass webhook routing isolation controls.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45002","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10694","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11756","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45002"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45002","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45002"},{"reference_url":"https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3","reference_id":"5275d008ed33203dba3f98e969ad683a65c416c3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://github.com/openclaw/openclaw/commit/5275d008ed33203dba3f98e969ad683a65c416c3"},{"reference_url":"https://github.com/advisories/GHSA-2xcp-x87w-q377","reference_id":"GHSA-2xcp-x87w-q377","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xcp-x87w-q377"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377","reference_id":"GHSA-2xcp-x87w-q377","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2xcp-x87w-q377"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping","reference_id":"openclaw-hook-session-key-bypass-via-template-mapping","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:46:08Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-hook-session-key-bypass-via-template-mapping"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-45002","GHSA-2xcp-x87w-q377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qqv-57ws-4yb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359764?format=json","vulnerability_id":"VCID-5zh4-jn4s-akc9","summary":"OpenClaw: Paired-device pairing actions were not limited to the caller device\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nA paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope ceiling.\n\nThis is a same-gateway paired-device authorization bug, not a remote unauthenticated issue. Severity is low.\n\n## Fix\n\nPairing management actions are now limited to the caller device, so non-admin paired-device sessions cannot approve or operate on unrelated pending device requests.\n\nFix commit:\n\n- `5a12f30441d5b0b151f550daa2c5c9e8db61e2e6`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-xrq9-jm7v-g9h7","reference_id":"GHSA-xrq9-jm7v-g9h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xrq9-jm7v-g9h7"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7","reference_id":"GHSA-xrq9-jm7v-g9h7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-xrq9-jm7v-g9h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-xrq9-jm7v-g9h7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh4-jn4s-akc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68039?format=json","vulnerability_id":"VCID-65nh-ys6n-77ag","summary":"OpenClaw before 2026.4.22 derives loopback MCP owner context from spoofable server-issued bearer tokens in request headers. Non-owner loopback clients can present themselves as owner to bypass owner-gated operations by manipulating the sender-owner header metadata.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44118","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02617","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0262","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44118"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44118","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44118"},{"reference_url":"https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19","reference_id":"3cb1a56bfc9579a0f2336f9cfa12a8a744332a19","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://github.com/openclaw/openclaw/commit/3cb1a56bfc9579a0f2336f9cfa12a8a744332a19"},{"reference_url":"https://github.com/advisories/GHSA-r6xh-pqhr-v4xh","reference_id":"GHSA-r6xh-pqhr-v4xh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6xh-pqhr-v4xh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh","reference_id":"GHSA-r6xh-pqhr-v4xh","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r6xh-pqhr-v4xh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header","reference_id":"openclaw-owner-context-spoofing-via-bearer-token-header","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T17:21:33Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-owner-context-spoofing-via-bearer-token-header"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44118","GHSA-r6xh-pqhr-v4xh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65nh-ys6n-77ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359778?format=json","vulnerability_id":"VCID-8h62-5c5b-cbdt","summary":"OpenClaw: Feishu card actions could misclassify DMs and skip dmPolicy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nFeishu card-action callbacks could synthesize a message event with DM conversations classified as group conversations. That skipped `dmPolicy` enforcement for card actions, so a sender in a Feishu DM could trigger card-action flows that should have been blocked by a restrictive DM policy.\n\nThe issue is limited to Feishu card-action handling. Severity is medium.\n\n## Fix\n\nOpenClaw now resolves Feishu card-action chat type before dispatch, including API lookup when stored context is unavailable, and avoids falling through to group handling for DMs.\n\nFix commit:\n\n- `90979d7c3ef7ec30b9f8aa6963a5e38d2f17d166`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-72q8-jcmc-97wx","reference_id":"GHSA-72q8-jcmc-97wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72q8-jcmc-97wx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx","reference_id":"GHSA-72q8-jcmc-97wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-72q8-jcmc-97wx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-72q8-jcmc-97wx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8h62-5c5b-cbdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67767?format=json","vulnerability_id":"VCID-9u9n-s6sc-2bhw","summary":"OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthorized access to internal resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44116","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15225","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15353","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44116"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44116","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44116"},{"reference_url":"https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f","reference_id":"a65eb1b864b7630c1242a82de9e5799b80583c3f","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/a65eb1b864b7630c1242a82de9e5799b80583c3f"},{"reference_url":"https://github.com/advisories/GHSA-2hh7-c75g-qj2r","reference_id":"GHSA-2hh7-c75g-qj2r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2hh7-c75g-qj2r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r","reference_id":"GHSA-2hh7-c75g-qj2r","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-2hh7-c75g-qj2r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation","reference_id":"openclaw-server-side-request-forgery-in-zalo-photo-url-validation","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-zalo-photo-url-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44116","GHSA-2hh7-c75g-qj2r"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u9n-s6sc-2bhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67838?format=json","vulnerability_id":"VCID-afjz-us2v-k7ak","summary":"OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write files outside the local mount root.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44112","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11306","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11237","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44112"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44112","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44112"},{"reference_url":"https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76","reference_id":"7be82d4fd1193bcb7e44ee38838f00bf924ffa76","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://github.com/openclaw/openclaw/commit/7be82d4fd1193bcb7e44ee38838f00bf924ffa76"},{"reference_url":"https://github.com/advisories/GHSA-wppj-c6mr-83jj","reference_id":"GHSA-wppj-c6mr-83jj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wppj-c6mr-83jj"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj","reference_id":"GHSA-wppj-c6mr-83jj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-wppj-c6mr-83jj"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes","reference_id":"openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T17:25:18Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-symlink-swap-race-condition-in-openshell-fs-bridge-writes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44112","GHSA-wppj-c6mr-83jj"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afjz-us2v-k7ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67711?format=json","vulnerability_id":"VCID-b158-4js1-77de","summary":"OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44992","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01299","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0177","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44992"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44992","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44992"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1","reference_id":"2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1"},{"reference_url":"https://github.com/advisories/GHSA-h2vw-ph2c-jvwf","reference_id":"GHSA-h2vw-ph2c-jvwf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h2vw-ph2c-jvwf"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h2vw-ph2c-jvwf","reference_id":"GHSA-h2vw-ph2c-jvwf","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-h2vw-ph2c-jvwf"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-minimax-api-host-override-via-workspace-dotenv","reference_id":"openclaw-minimax-api-host-override-via-workspace-dotenv","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:27:53Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-minimax-api-host-override-via-workspace-dotenv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44992","GHSA-h2vw-ph2c-jvwf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b158-4js1-77de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69923?format=json","vulnerability_id":"VCID-c8dt-7z8a-qufe","summary":"OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45003","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01333","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01826","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45003"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45003","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45003"},{"reference_url":"https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272","reference_id":"0623079e98abf7202591f1b04a89755eb7ec9272","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272"},{"reference_url":"https://github.com/advisories/GHSA-55cf-xx38-4p9p","reference_id":"GHSA-55cf-xx38-4p9p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-55cf-xx38-4p9p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p","reference_id":"GHSA-55cf-xx38-4p9p","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files","reference_id":"openclaw-connector-endpoint-host-override-via-workspace-dotenv-files","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"4.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:02Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-45003","GHSA-55cf-xx38-4p9p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8dt-7z8a-qufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67686?format=json","vulnerability_id":"VCID-cbdg-vzrj-puc2","summary":"OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes, enabling code injection when operators start sessions using those servers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44995","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01927","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02801","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44995"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44995","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44995"},{"reference_url":"https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af","reference_id":"62fa5071896e95edc7f67d1cebc70a2859e283af","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af"},{"reference_url":"https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b","reference_id":"85d86ebc4bf3d2226d39d132a484f4f7a299fa1b","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b"},{"reference_url":"https://github.com/advisories/GHSA-mj59-h3q9-ghfh","reference_id":"GHSA-mj59-h3q9-ghfh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj59-h3q9-ghfh"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh","reference_id":"GHSA-mj59-h3q9-ghfh","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables","reference_id":"openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T17:56:23Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44995","GHSA-mj59-h3q9-ghfh"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdg-vzrj-puc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67718?format=json","vulnerability_id":"VCID-cf4u-fs5p-3ue3","summary":"OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in QQBot direct media upload that skips URL validation. Attackers can bypass SSRF protections by sending crafted image URLs to uploadC2CMedia and uploadGroupMedia endpoints to relay unintended requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44117","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14096","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14214","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44117"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44117","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44117"},{"reference_url":"https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09","reference_id":"49db424c8001f2f419aad85f434894d8d85c1a09","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://github.com/openclaw/openclaw/commit/49db424c8001f2f419aad85f434894d8d85c1a09"},{"reference_url":"https://github.com/advisories/GHSA-c4qg-j8jg-42q5","reference_id":"GHSA-c4qg-j8jg-42q5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4qg-j8jg-42q5"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5","reference_id":"GHSA-c4qg-j8jg-42q5","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c4qg-j8jg-42q5"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload","reference_id":"openclaw-server-side-request-forgery-in-qqbot-direct-media-upload","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:33:16Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-server-side-request-forgery-in-qqbot-direct-media-upload"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44117","GHSA-c4qg-j8jg-42q5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf4u-fs5p-3ue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67782?format=json","vulnerability_id":"VCID-e327-pu9e-x7gh","summary":"OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44997","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0842","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09884","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44997"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44997","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44997"},{"reference_url":"https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2","reference_id":"31160dc069b7cc5d833b39c53736a41ad3befda2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/commit/31160dc069b7cc5d833b39c53736a41ad3befda2"},{"reference_url":"https://github.com/advisories/GHSA-q3jj-46pq-826r","reference_id":"GHSA-q3jj-46pq-826r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3jj-46pq-826r"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r","reference_id":"GHSA-q3jj-46pq-826r","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q3jj-46pq-826r"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions","reference_id":"openclaw-security-envelope-constraint-bypass-in-acp-child-sessions","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:25:34Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-security-envelope-constraint-bypass-in-acp-child-sessions"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44997","GHSA-q3jj-46pq-826r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e327-pu9e-x7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67649?format=json","vulnerability_id":"VCID-e8sz-63dk-tfbs","summary":"OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are configured without explicit owner allowFrom settings. Attackers can exploit this by sending commands like /send, /config, or /debug on affected channels to bypass owner-only command authorization checks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44991","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09004","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1055","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44991"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44991","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44991"},{"reference_url":"https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882","reference_id":"2aa93d44a1b2c7058c371f261fda2b5d4de4a882","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/2aa93d44a1b2c7058c371f261fda2b5d4de4a882"},{"reference_url":"https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f","reference_id":"995febb7b1e811ff6a1df5b18c22de94103f4c9f","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/commit/995febb7b1e811ff6a1df5b18c22de94103f4c9f"},{"reference_url":"https://github.com/advisories/GHSA-c28g-vh7m-fm7v","reference_id":"GHSA-c28g-vh7m-fm7v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c28g-vh7m-fm7v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v","reference_id":"GHSA-c28g-vh7m-fm7v","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-c28g-vh7m-fm7v"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders","reference_id":"openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T17:26:30Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-owner-enforced-commands-via-wildcard-channel-senders"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374221?format=json","purl":"pkg:npm/openclaw@2026.4.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.21"}],"aliases":["CVE-2026-44991","GHSA-c28g-vh7m-fm7v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8sz-63dk-tfbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360432?format=json","vulnerability_id":"VCID-eefn-gpc1-mfdx","summary":"OpenClaw's gateway config mutation guard allowed unsafe model-driven config writes\n## Summary\n\nThe agent-facing `gateway` tool protects `config.apply` and `config.patch` with a model-to-operator trust boundary. That guard used a hand-maintained denylist of protected config paths. The config schema outgrew that denylist, leaving sensitive subtrees writable through model-driven gateway config mutations.\n\n## Impact\n\nA prompt-injected or otherwise compromised model running with access to the owner-only `gateway` tool could persist unsafe config changes that crossed security boundaries. Examples included config paths affecting command execution, network/proxy/TLS behavior, credential forwarding, telemetry or hook endpoints, memory/indexing surfaces, and operator policy controls. These changes could survive restart once written to config.\n\n## Affected Packages / Versions\n\n- Package: `openclaw` on npm\n- Affected: versions before `2026.4.23`\n- Fixed: `2026.4.23`\n- Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23`\n\n## Fix\n\nOpenClaw replaced the denylist with a fail-closed allowlist. Agent-driven `gateway config.apply` and `gateway config.patch` now permit only narrow agent-tunable prompt/model settings and mention-gating paths. Other config changes are rejected before the gateway mutation RPC is invoked.\n\n## Fix Commit(s)\n\n- `bceda6089aa7b3695cc7696b43c61ae3d01bb0ec` (`fix(gateway): fail closed on runtime config edits`)\n\n## Severity\n\nSeverity remains `high`. The vulnerable entry point is owner-only, but the model/agent is not a trusted principal under OpenClaw's security model, and the guard is the explicit model-to-operator boundary for persisted config mutation.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-cwj3-vqpp-pmxr","reference_id":"GHSA-cwj3-vqpp-pmxr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwj3-vqpp-pmxr"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr","reference_id":"GHSA-cwj3-vqpp-pmxr","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-cwj3-vqpp-pmxr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["GHSA-cwj3-vqpp-pmxr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eefn-gpc1-mfdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69771?format=json","vulnerability_id":"VCID-fgkb-fmuq-wffh","summary":"OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious extensions/<plugin>/setup-api.js file in a repository and convincing a user to run OpenClaw commands from that directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45004","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02795","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03602","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45004"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45004","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45004"},{"reference_url":"https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707","reference_id":"993781e6e6eaf50f033cfc3e3bf4f47059740707","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/commit/993781e6e6eaf50f033cfc3e3bf4f47059740707"},{"reference_url":"https://github.com/advisories/GHSA-r39h-4c2p-3jxp","reference_id":"GHSA-r39h-4c2p-3jxp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39h-4c2p-3jxp"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp","reference_id":"GHSA-r39h-4c2p-3jxp","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-r39h-4c2p-3jxp"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory","reference_id":"openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-11T18:30:14Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-setup-api-js-in-current-working-directory"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["CVE-2026-45004","GHSA-r39h-4c2p-3jxp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgkb-fmuq-wffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359785?format=json","vulnerability_id":"VCID-hbkd-8rx2-4qb8","summary":"OpenClaw: Agent gateway config mutations could change protected operator settings\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nThe agent-facing `gateway config.patch` / `config.apply` guard did not cover several operator-trusted settings, including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool could persist changes to those settings.\n\nThis is a model-to-operator guard bypass, not a remote unauthenticated gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now blocks model-driven gateway config mutations for the broader operator-trusted path set and covers per-agent overrides and array-entry patching.\n\nFix commit:\n\n- `fe30b31a97a917ecc6e92f6c85378b6b20352422`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-7jm2-g593-4qrc","reference_id":"GHSA-7jm2-g593-4qrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jm2-g593-4qrc"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc","reference_id":"GHSA-7jm2-g593-4qrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-7jm2-g593-4qrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-7jm2-g593-4qrc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbkd-8rx2-4qb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360332?format=json","vulnerability_id":"VCID-jdbz-6b2q-xyav","summary":"OpenClaw's Gateway Control UI bootstrap config required Gateway auth\n## Summary\nGateway Control UI bootstrap config required Gateway auth.\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nWhen Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without a valid Gateway token. That response could expose sensitive bootstrap/config fields intended only for authenticated Control UI sessions.\n\n## Fix\nThe bootstrap config route now goes through the same Gateway read-auth path as other authenticated Control UI reads. Regression tests cover unauthenticated rejection, valid-token access, and basePath handling.\n\n## Fix Commit(s)\n- 2321d67263bc710e357644d59f746b08d891051b\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nOpenClaw thanks @zsxsoft for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-93rg-2xm5-2p9v","reference_id":"GHSA-93rg-2xm5-2p9v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93rg-2xm5-2p9v"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v","reference_id":"GHSA-93rg-2xm5-2p9v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-93rg-2xm5-2p9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["GHSA-93rg-2xm5-2p9v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdbz-6b2q-xyav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80789?format=json","vulnerability_id":"VCID-qpq9-cabj-a7hj","summary":"OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to retrieve sensitive media content within allowed media roots.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41908","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11227","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11162","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41908"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41908","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41908"},{"reference_url":"https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036","reference_id":"99ef3a63c58440d53f8e45ad861b846032fcb036","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://github.com/openclaw/openclaw/commit/99ef3a63c58440d53f8e45ad861b846032fcb036"},{"reference_url":"https://github.com/advisories/GHSA-v8qf-fr4g-28p2","reference_id":"GHSA-v8qf-fr4g-28p2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8qf-fr4g-28p2"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2","reference_id":"GHSA-v8qf-fr4g-28p2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v8qf-fr4g-28p2"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route","reference_id":"openclaw-scope-enforcement-bypass-in-assistant-media-route","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T18:25:38Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-scope-enforcement-bypass-in-assistant-media-route"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-41908","GHSA-v8qf-fr4g-28p2"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpq9-cabj-a7hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67930?format=json","vulnerability_id":"VCID-qqsk-1mk9-pygw","summary":"OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access unauthorized file contents.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44113","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11644","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11567","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44113"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44113","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44113"},{"reference_url":"https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45","reference_id":"95119017c847c737bd113f0bff728c4666d79c45","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://github.com/openclaw/openclaw/commit/95119017c847c737bd113f0bff728c4666d79c45"},{"reference_url":"https://github.com/advisories/GHSA-5h3g-6xhh-rg6p","reference_id":"GHSA-5h3g-6xhh-rg6p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5h3g-6xhh-rg6p"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p","reference_id":"GHSA-5h3g-6xhh-rg6p","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3g-6xhh-rg6p"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge","reference_id":"openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"6.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:19Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-time-of-check-time-of-use-race-condition-in-openshell-fs-bridge"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["CVE-2026-44113","GHSA-5h3g-6xhh-rg6p"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqsk-1mk9-pygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67822?format=json","vulnerability_id":"VCID-r75w-jwbm-dyew","summary":"OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attackers can exploit this trust-labeling issue to strengthen prompt-injection attacks by rendering untrusted events as trusted System events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44999","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04755","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05543","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44999"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44999","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44999"},{"reference_url":"https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7","reference_id":"f61896b03cc7031f51106a04566831f4ac2a0bd7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://github.com/openclaw/openclaw/commit/f61896b03cc7031f51106a04566831f4ac2a0bd7"},{"reference_url":"https://github.com/advisories/GHSA-57r2-h2wj-g887","reference_id":"GHSA-57r2-h2wj-g887","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57r2-h2wj-g887"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887","reference_id":"GHSA-57r2-h2wj-g887","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-57r2-h2wj-g887"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events","reference_id":"openclaw-improper-trust-labeling-in-isolated-cron-awareness-events","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T13:52:52Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-improper-trust-labeling-in-isolated-cron-awareness-events"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44999","GHSA-57r2-h2wj-g887"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r75w-jwbm-dyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360458?format=json","vulnerability_id":"VCID-sbxm-vwhw-9fhd","summary":"OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs\n## Summary\nExec allowlist analysis rejects shell expansion in unquoted heredocs\n\n\n## Affected Packages / Versions\n- Package: openclaw (npm)\n- Affected versions: <= 2026.4.21\n- Fixed version: 2026.4.22\n\n## Impact\nAn allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body. That could make the approved command text look safer than what the shell would evaluate at runtime.\n\n## Fix\nThe exec command analyzer now tracks heredoc bodies, rejects unquoted heredoc expansion tokens and continuation-splice bypasses, and preserves quoted heredocs and literal safe text.\n\n## Fix Commit(s)\n- b2e8b7d4bb2f22eaa16f5c4b07547774e90b65a5\n\n## Verification\n- The fix commit is contained in the public v2026.4.22 tag.\n- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.\n- Focused regression coverage for this path passed before publication.\n\nThanks @VladimirEliTokarev for reporting.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-x3h8-jrgh-p8jx","reference_id":"GHSA-x3h8-jrgh-p8jx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3h8-jrgh-p8jx"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx","reference_id":"GHSA-x3h8-jrgh-p8jx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-x3h8-jrgh-p8jx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375357?format=json","purl":"pkg:npm/openclaw@2026.4.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.22"}],"aliases":["GHSA-x3h8-jrgh-p8jx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbxm-vwhw-9fhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359830?format=json","vulnerability_id":"VCID-tegh-qc36-ufha","summary":"OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. If an operator configured a restrictive policy, such as a tool profile, explicit allow/deny list, owner-only tool restriction, sandbox tool policy, or subagent tool policy, a bundled MCP/LSP tool could remain available even though the same policy would have denied it.\n\nThe issue required a configured bundled MCP or LSP tool source and an operator policy that should have restricted that tool. This was a local agent policy-enforcement bypass, not an unauthenticated remote gateway compromise. Severity is medium.\n\n## Fix\n\nOpenClaw now applies a final effective tool policy pass to bundled MCP/LSP tools before merging them into the tool set used by normal runs and compaction. The pass covers profile policy, provider profile policy, global/agent/group policies, owner-only filtering, sandbox tool policy, and subagent tool policy.\n\nFix commit:\n\n- `0e7a992d3f3155199c1acc2dd9a53c5b3a4d3ada`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-qrp5-gfw2-gxv4","reference_id":"GHSA-qrp5-gfw2-gxv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrp5-gfw2-gxv4"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4","reference_id":"GHSA-qrp5-gfw2-gxv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-qrp5-gfw2-gxv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-qrp5-gfw2-gxv4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tegh-qc36-ufha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359841?format=json","vulnerability_id":"VCID-v6e8-g5w8-k3ax","summary":"OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks\n## Affected Packages / Versions\n\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.4.20`\n- Patched version: `2026.4.20`\n\n## Impact\n\nBrowser profile creation normalized `cdpUrl` values before persisting them, but did not apply the configured browser SSRF policy at creation time. In deployments that explicitly disabled private-network CDP targets, a stored profile could still point at a private-network or metadata endpoint and later be probed by normal profile status flows.\n\nDefault trusted-operator browser behavior allows private-network CDP endpoints, so this only affected strict-mode deployments. Severity is low.\n\n## Fix\n\nOpenClaw now checks CDP endpoints against the browser SSRF policy during profile creation and reachability operations.\n\nFix commits:\n\n- `1fd049e3074cac72f6734a7fe88468c84f5f8bd7`\n- `e90c89cf8b1459f2aa1f3a665be67392b6c03fdf`\n\n## Release\n\nFixed in OpenClaw `2026.4.20`.","references":[{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://github.com/advisories/GHSA-j4c5-89f5-f3pm","reference_id":"GHSA-j4c5-89f5-f3pm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4c5-89f5-f3pm"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm","reference_id":"GHSA-j4c5-89f5-f3pm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-j4c5-89f5-f3pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["GHSA-j4c5-89f5-f3pm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6e8-g5w8-k3ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69848?format=json","vulnerability_id":"VCID-y5k6-v1cj-cqg6","summary":"OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until gateway or plugin restart.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45005","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17871","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19517","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45005"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45005","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45005"},{"reference_url":"https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa","reference_id":"36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa"},{"reference_url":"https://github.com/advisories/GHSA-q8ff-7ffm-m3r9","reference_id":"GHSA-q8ff-7ffm-m3r9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8ff-7ffm-m3r9"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9","reference_id":"GHSA-q8ff-7ffm-m3r9","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation","reference_id":"openclaw-webhook-route-secret-cache-not-invalidated-after-rotation","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"5.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-12T16:10:40Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invalidated-after-rotation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375456?format=json","purl":"pkg:npm/openclaw@2026.4.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.23"}],"aliases":["CVE-2026-45005","GHSA-q8ff-7ffm-m3r9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5k6-v1cj-cqg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67862?format=json","vulnerability_id":"VCID-yqjc-khg8-uyb4","summary":"OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted OpenClaw runtime behavior during source-update or installer flows.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44114","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07205","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44114"},{"reference_url":"https://github.com/openclaw/openclaw","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openclaw/openclaw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44114","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44114"},{"reference_url":"https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6","reference_id":"018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://github.com/openclaw/openclaw/commit/018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6"},{"reference_url":"https://github.com/advisories/GHSA-hxvm-xjvf-93f3","reference_id":"GHSA-hxvm-xjvf-93f3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxvm-xjvf-93f3"},{"reference_url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3","reference_id":"GHSA-hxvm-xjvf-93f3","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-hxvm-xjvf-93f3"},{"reference_url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv","reference_id":"openclaw-environment-variable-namespace-collision-via-workspace-dotenv","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T13:52:56Z/"}],"url":"https://www.vulncheck.com/advisories/openclaw-environment-variable-namespace-collision-via-workspace-dotenv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373308?format=json","purl":"pkg:npm/openclaw@2026.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65nh-ys6n-77ag"},{"vulnerability":"VCID-9u9n-s6sc-2bhw"},{"vulnerability":"VCID-afjz-us2v-k7ak"},{"vulnerability":"VCID-c8dt-7z8a-qufe"},{"vulnerability":"VCID-e327-pu9e-x7gh"},{"vulnerability":"VCID-e8sz-63dk-tfbs"},{"vulnerability":"VCID-eefn-gpc1-mfdx"},{"vulnerability":"VCID-fgkb-fmuq-wffh"},{"vulnerability":"VCID-jdbz-6b2q-xyav"},{"vulnerability":"VCID-qqsk-1mk9-pygw"},{"vulnerability":"VCID-sbxm-vwhw-9fhd"},{"vulnerability":"VCID-y5k6-v1cj-cqg6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.20"}],"aliases":["CVE-2026-44114","GHSA-hxvm-xjvf-93f3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqjc-khg8-uyb4"}],"fixing_vulnerabilities":[],"risk_score":"4.3","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.4.19-beta.1"}